trogdor: support mbn_version 6 with python build scripts

Developer/Reviewer, be aware of this patch from Mistral:
 https://review.coreboot.org/c/coreboot/+/33425/18

Change-Id: I020d1e4d4f5c948948e1b39dd18af1d0e860c279
Signed-off-by: T Michael Turney <mturney@codeaurora.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/35506
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
This commit is contained in:
T Michael Turney 2019-08-07 14:26:32 -07:00 committed by Julius Werner
parent 01bfa53f77
commit bcd62f5737
3 changed files with 112 additions and 70 deletions

View File

@ -44,11 +44,13 @@
#
# when who what, where, why
# -------- --- ------------------------------------------------------
# 05/21/19 rissha Added --mbn_version to add MBN header accordingly
# 03/26/18 tv Added -e to enable extended MBNV5 support
# 09/04/15 et Added -x and -d to embed xbl_sec ELF
# 02/11/15 ck Fixed missing elf type check in ZI OOB feature
# 11/04/14 ck Updated calls to mbn_tools functions
# 10/22/14 ck Added -z option to remove out of bounds ZI segments when converting from 64 to 32
# 10/22/14 ck Added -z option to remove out of bounds ZI segments when
# converting from 64 to 32
# 10/10/14 ck Added -c option and logic to enable elf type swapping
# 09/12/14 ck Added single file logic
# 08/29/14 ck Added no_hash option
@ -119,6 +121,10 @@ def main():
help="Removes ZI segments that have addresses greater" + \
" than 32 bits when converting from a 64 to 32 bit ELF")
parser.add_option("--mbn_version",
action="store", type="int", dest="mbn_version",
help="Add mbn header in elf image. '3', '5' or '6'")
(options, args) = parser.parse_args()
if not options.elf_inp_file1:
@ -206,11 +212,13 @@ def main():
else:
zi_oob_enabled = True
if options.elf_inp_xbl_sec:
is_ext_mbn_v5 = True
else:
is_ext_mbn_v5 = False
header_version = 3
if options.elf_inp_xbl_sec:
header_version = 5
if options.mbn_version:
header_version = options.mbn_version
mbn_type = 'elf'
header_format = 'reg'
@ -244,7 +252,7 @@ def main():
is_elf_xbl_sec_64_bit,
is_out_elf_64_bit,
zi_oob_enabled,
is_ext_mbn_v5)
header_version)
# Hash the image if user did not explicitly say not to
@ -259,7 +267,8 @@ def main():
source_elf,
target_hash,
elf_out_file_name = target_phdr_elf,
secure_type = image_header_secflag)
secure_type = image_header_secflag,
header_version = header_version )
if rv:
raise RuntimeError, "Failed to run pboot_gen_elf"
@ -269,8 +278,8 @@ def main():
target_hash,
target_hash_hd,
image_header_secflag,
is_ext_mbn_v5,
elf_file_name = source_elf)
elf_file_name = source_elf,
header_version = header_version)
if rv:
raise RuntimeError, "Failed to create image header for hash segment"
@ -305,7 +314,7 @@ def merge_elfs(env,
is_elf_xbl_sec_64_bit,
is_out_elf_64_bit,
zi_oob_enabled,
is_ext_mbn_v5):
header_version):
[elf_header1, phdr_table1] = \
mbn_tools.preprocess_elf_file(elf_in_file_name1)
@ -663,7 +672,7 @@ def merge_elfs(env,
new_phdr.p_paddr = phys_virt_addr
new_phdr.p_filesz = os.path.getsize(elf_in_file_xbl_sec)
new_phdr.p_memsz = new_phdr.p_filesz
if is_ext_mbn_v5 == True:
if header_version >= 5:
new_phdr.p_flags = (0x5 |
(mbn_tools.MI_PBT_XBL_SEC_SEGMENT <<
mbn_tools.MI_PBT_FLAG_SEGMENT_TYPE_SHIFT));
@ -677,7 +686,7 @@ def merge_elfs(env,
new_phdr = mbn_tools.Elf32_Phdr('\0' * ELF32_PHDR_SIZE)
new_phdr.p_type = 0x1 #
new_phdr.p_offset = segment_offset
if is_ext_mbn_v5 == True:
if header_version >= 5:
new_phdr.p_flags = (0x5 |
(mbn_tools.MI_PBT_XBL_SEC_SEGMENT <<
mbn_tools.MI_PBT_FLAG_SEGMENT_TYPE_SHIFT));

View File

@ -41,6 +41,7 @@
#
# when who what, where, why
# -------- --- ---------------------------------------------------------
# 05/21/18 rissha Added support for extended MBNV6 and Add support for hashing elf segments with SHA384
# 03/22/18 thiru Added support for extended MBNV5.
# 06/06/13 yliong CR 497042: Signed and encrypted image is corrupted. MRC features.
# 03/18/13 dhaval Add support for hashing elf segments with SHA256 and
@ -68,11 +69,9 @@ PAD_BYTE_1 = 255 # Padding byte 1s
PAD_BYTE_0 = 0 # Padding byte 0s
SHA256_SIGNATURE_SIZE = 256 # Support SHA256
MAX_NUM_ROOT_CERTS = 4 # Maximum number of OEM root certificates
MI_BOOT_IMG_HDR_SIZE = 40 # sizeof(mi_boot_image_header_type)
MI_BOOT_SBL_HDR_SIZE = 80 # sizeof(sbl_header)
BOOT_HEADER_LENGTH = 20 # Boot Header Number of Elements
SBL_HEADER_LENGTH = 20 # SBL Header Number of Elements
FLASH_PARTI_VERSION = 3 # Flash Partition Version Number
MAX_PHDR_COUNT = 100 # Maximum allowable program headers
CERT_CHAIN_ONEROOT_MAXSIZE = 6*1024 # Default Cert Chain Max Size for one root
VIRTUAL_BLOCK_SIZE = 131072 # Virtual block size for MCs insertion in SBL1 if ENABLE_VIRTUAL_BLK ON
@ -150,7 +149,6 @@ values.
MI_PBT_FLAGS_MASK = 0x0FF00000
# Helper defines to help parse ELF program headers
MI_PROG_BOOT_DIGEST_SIZE = 20
MI_PBT_FLAG_SEGMENT_TYPE_MASK = 0x07000000
MI_PBT_FLAG_SEGMENT_TYPE_SHIFT = 0x18
MI_PBT_FLAG_PAGE_MODE_MASK = 0x00100000
@ -528,7 +526,7 @@ class SegmentInfo:
class Boot_Hdr:
def __init__(self, init_val):
self.image_id = ImageType.NONE_IMG
self.flash_parti_ver = FLASH_PARTI_VERSION
self.flash_parti_ver = 3
self.image_src = init_val
self.image_dest_ptr = init_val
self.image_size = init_val
@ -573,6 +571,10 @@ class Boot_Hdr:
self.reserved_2,
self.reserved_3 ]
if self.flash_parti_ver >= 6:
values.insert(10, self.metadata_size_qti)
values.insert(11, self.metadata_size)
if self.image_dest_ptr >= 0x100000000:
values[3] = 0xFFFFFFFF
@ -584,6 +586,10 @@ class Boot_Hdr:
# Write 10 entries(40B) or 20 entries(80B) of boot header
if write_full_hdr is False:
if self.flash_parti_ver >= 6:
s = struct.Struct('I'* 12)
values = values[:12]
else:
s = struct.Struct('I'* 10)
values = values[:10]
else:
@ -904,7 +910,6 @@ def image_header(env, gen_dict,
code_file_name,
output_file_name,
secure_type,
is_ext_mbn_v5,
header_format = 'reg',
requires_preamble = False,
preamble_file_name = None,
@ -912,7 +917,8 @@ def image_header(env, gen_dict,
write_full_hdr = False,
in_code_size = None,
cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE,
num_of_pages = None):
num_of_pages = None,
header_version = None):
# Preliminary checks
if (requires_preamble is True) and (preamble_file_name is None):
@ -945,9 +951,12 @@ def image_header(env, gen_dict,
cert_chain_size = 0
image_size = code_size
if header_version:
assert header_version in [3, 5, 6], 'Not a valid MBN header version'
# For ELF or hashed images, image destination will be determined from an ELF input file
if gen_dict['IMAGE_KEY_MBN_TYPE'] == 'elf':
image_dest = get_hash_address(elf_file_name) + MI_BOOT_IMG_HDR_SIZE
image_dest = get_hash_address(elf_file_name) + (header_size(header_version))
elif gen_dict['IMAGE_KEY_MBN_TYPE'] == 'bin':
image_dest = gen_dict['IMAGE_KEY_IMAGE_DEST']
image_source = gen_dict['IMAGE_KEY_IMAGE_SOURCE']
@ -991,13 +1000,16 @@ def image_header(env, gen_dict,
boot_header.sig_size = signature_size
boot_header.cert_chain_ptr = image_dest + code_size + signature_size
boot_header.cert_chain_size = cert_chain_size
boot_header.flash_parti_ver = header_version # version
if is_ext_mbn_v5 == True:
# If platform image integrity check is enabled
boot_header.flash_parti_ver = 5 # version
if header_version >= 5:
boot_header.image_src = 0 # sig_size_qc
boot_header.image_dest_ptr = 0 # cert_chain_size_qc
if header_version >= 6:
boot_header.metadata_size_qti = 0 # qti_metadata size
boot_header.metadata_size = 0 # oem_metadata size
# If preamble is required, output the preamble file and update the boot_header
if requires_preamble is True:
boot_header = image_preamble(gen_dict, preamble_file_name, boot_header, num_of_pages)
@ -1021,12 +1033,22 @@ def pboot_gen_elf(env, elf_in_file_name,
last_phys_addr = None,
append_xml_hdr = False,
is_sha256_algo = True,
cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE):
global MI_PROG_BOOT_DIGEST_SIZE
if (is_sha256_algo is True):
MI_PROG_BOOT_DIGEST_SIZE = 32
cert_chain_size_in = CERT_CHAIN_ONEROOT_MAXSIZE,
header_version = None):
sha_algo = 'SHA1'
if is_sha256_algo:
sha_algo = 'SHA256'
if header_version >= 6:
sha_algo = 'SHA384'
image_header_size = header_size(header_version)
if (sha_algo == 'SHA384'):
mi_prog_boot_digest_size = 48
elif sha_algo == 'SHA256':
mi_prog_boot_digest_size = 32
else:
MI_PROG_BOOT_DIGEST_SIZE = 20
mi_prog_boot_digest_size = 20
# Open Files
elf_in_fp = OPEN(elf_in_file_name, "rb")
@ -1052,7 +1074,7 @@ def pboot_gen_elf(env, elf_in_file_name,
elf_header_size = ELF32_HDR_SIZE
is_elf64 = False
hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE
hash = '\0' * mi_prog_boot_digest_size
phdr_start = 0
bytes_to_pad = 0
hash_seg_end = 0
@ -1071,12 +1093,12 @@ def pboot_gen_elf(env, elf_in_file_name,
elf_header.e_phnum += 2
# Create an empty hash entry for PHDR_TYPE
hash_out_fp.write('\0' * MI_PROG_BOOT_DIGEST_SIZE)
hashtable_size += MI_PROG_BOOT_DIGEST_SIZE
hash_out_fp.write('\0' * mi_prog_boot_digest_size)
hashtable_size += mi_prog_boot_digest_size
# Create an empty hash entry for the hash segment itself
hash_out_fp.write('\0' * MI_PROG_BOOT_DIGEST_SIZE)
hashtable_size += MI_PROG_BOOT_DIGEST_SIZE
hash_out_fp.write('\0' * mi_prog_boot_digest_size)
hashtable_size += mi_prog_boot_digest_size
# Begin hash table generation
for i in range(num_phdrs):
@ -1110,14 +1132,14 @@ def pboot_gen_elf(env, elf_in_file_name,
fbuf = elf_in_fp.read(hash_size)
if MI_PBT_CHECK_FLAG_TYPE(curr_phdr.p_flags) is True:
hash = generate_hash(fbuf, is_sha256_algo)
hash = generate_hash(fbuf, sha_algo)
else:
hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE
hash = '\0' * mi_prog_boot_digest_size
# Write hash to file
hash_out_fp.write(hash)
hashtable_size += MI_PROG_BOOT_DIGEST_SIZE
hashtable_size += mi_prog_boot_digest_size
seg_offset += ELF_BLOCK_ALIGN
# Copy the hash entry for all that are PAGED segments and those that are not the PHDR type. This is for
@ -1129,14 +1151,14 @@ def pboot_gen_elf(env, elf_in_file_name,
file_buff = elf_in_fp.read(data_len)
if (MI_PBT_CHECK_FLAG_TYPE(curr_phdr.p_flags) is True) and (data_len > 0):
hash = generate_hash(file_buff, is_sha256_algo)
hash = generate_hash(file_buff, sha_algo)
else:
hash = '\0' * MI_PROG_BOOT_DIGEST_SIZE
hash = '\0' * mi_prog_boot_digest_size
# Write hash to file
hash_out_fp.write(hash)
hashtable_size += MI_PROG_BOOT_DIGEST_SIZE
hashtable_size += mi_prog_boot_digest_size
# End hash table generation
# Generate the rest of the ELF output file if specified
@ -1151,7 +1173,7 @@ def pboot_gen_elf(env, elf_in_file_name,
# Initialize the hash table program header
[hash_Phdr, pad_hash_segment, hash_tbl_end_addr, hash_tbl_offset] = \
initialize_hash_phdr(elf_in_file_name, hashtable_size, MI_BOOT_IMG_HDR_SIZE, ELF_BLOCK_ALIGN, is_elf64)
initialize_hash_phdr(elf_in_file_name, hashtable_size, image_header_size, ELF_BLOCK_ALIGN, is_elf64)
# Check if hash segment max size parameter was passed
if (hash_seg_max_size is not None):
@ -1252,7 +1274,7 @@ def pboot_gen_elf(env, elf_in_file_name,
# Read the program header and compute hash
proghdr_buff = elf_out_fp.read(elf_header.e_phnum * phdr_size)
hash = generate_hash(elfhdr_buff + proghdr_buff, is_sha256_algo)
hash = generate_hash(elfhdr_buff + proghdr_buff, sha_algo)
# Write hash to file as first hash table entry
hash_out_fp.seek(0)
@ -1592,7 +1614,7 @@ def generate_code_hash(env, elf_in_file_name):
page = page + elf_in_fp.read(bytes_in_page - len(page))
if (len(page) < DP_PAGE_SIZE):
page = page + (struct.pack('b', 0) * (DP_PAGE_SIZE - len(page)))
hashes = hashes + [generate_hash(page, True)]
hashes = hashes + [generate_hash(page, 'SHA256')]
bytes_left -= bytes_in_page
# And write them to the hash segment
@ -2101,9 +2123,20 @@ def file_copy_offset(in_fp, in_off, out_fp, out_off, num_bytes):
#----------------------------------------------------------------------------
# sha1/sha256 hash routine wrapper
#----------------------------------------------------------------------------
def generate_hash(in_buf, is_sha256_algo):
def header_size(header_version):
if header_version >= 6:
return 48
else:
return 40
#----------------------------------------------------------------------------
# sha1/sha256 hash routine wrapper
#----------------------------------------------------------------------------
def generate_hash(in_buf, sha_algo):
# Initialize a SHA1 object from the Python hash library
if (is_sha256_algo is True):
if sha_algo == 'SHA384':
m = hashlib.sha384()
elif sha_algo == 'SHA256':
m = hashlib.sha256()
else:
m = hashlib.sha1()

View File

@ -1,4 +1,4 @@
#!/usr/bin/python
#!/usr/bin/env python2
#============================================================================
#
#/** @file qgpt.py