Some Unix systems (GuixSD, NixOS) do not install programs like
Bash and Python to /usr/bin, and /usr/bin/env has to be used to
locate these instead.
Change-Id: I7546bcb881c532adc984577ecb0ee2ec4f2efe00
Signed-off-by: Yegor Timoshenko <yegortimoshenko@riseup.net>
Reviewed-on: https://review.coreboot.org/28953
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
When running 'make distclean' on coreboot, the build cleans the tools
as well. Since secimage didn't have a distclean target, it gave an error
that the distclean target didn't exist. This didn't actually affect
anything more than the secimage clean, but it was impossible to tell
that from the warning:
% make distclean
make[1]: *** No rule to make target 'distclean'. Stop.
Change-Id: I4b4bcc1ab48e767218d31e455d23527acedf4953
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/23666
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
One of responsibilities of the `secimage` tool is signing the image
using the HMAC-SHA256 algorithm. The test being added verifies that
secimage's internal call yields same result as the according openssl
tool does.
Change-Id: I8de4328f435af56901a861e3d5e733657c3c7f78
Signed-off-by: Alex Thiessen <alex.thiessen.de+coreboot@gmail.com>
Reviewed-on: https://review.coreboot.org/23474
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
The `secimage` utility uses OpenSSL to calculate HMAC, which it does in
a rather unorthodox way, using deprecated `HMAC_CTX_init` API and
repeated calling of `HMAC_Init_ex` without a clear reason. The former
causes build errors with OpenSSL 1.1 while the rest of the
`HmacSha256Hash` function is confusing and overly complex.
Make `HmacSha256Hash` use a single OpenSSL API call. Test passed:
resulting signed binary remains identical.
Change-Id: Ib23c0ad96f9d8cc30ad357de8c0b0ba967c7d724
Signed-off-by: Alex Thiessen <alex.thiessen.de+coreboot@gmail.com>
Reviewed-on: https://review.coreboot.org/23069
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
It's later tested for NULL, but never initialized to make that test work
reliably.
Change-Id: Iadee1af224507a6dd39956306f3eafa687895176
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323515
Reviewed-on: https://review.coreboot.org/17880
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
filebuffer is treated like a string, so it should be zero-terminated
like a string.
Change-Id: I078aa39906394be64023424731fe0c7ae2019899
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323473
Reviewed-on: https://review.coreboot.org/17878
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
This is to trick libreboot into not deleting misc.c when checking
out coreboot.
Change-Id: I8f0bb5cb3eb5681f99c616ae03de126efab852a9
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: http://review.coreboot.org/11134
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
secimage does not use libgmp, so don't link it in.
(Otherwise linking fails if the library is not installed)
Change-Id: I24af21c7754ecd0109f3e86669fa34fa6991d7fe
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: http://review.coreboot.org/11079
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Some compilers and linkers require a strict order or fail to find
all symbols.
Change-Id: I3f44bec1f0e21e7313a751fbc99c61c1aa9b7cf1
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/9962
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
secimage is a tool which adds a header and signature to the binary
first loaded by the soc. ARM core frequency is set to 1 Ghz.
BUG=chrome-os-partner:36421
BRANCH=broadcom-firmware
TEST=booted b0 board
Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155
Original-Reviewed-by: Scott Branden <sbranden@broadcom.com>
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
Original-Tested-by: Daisuke Nojiri <dnojiri@google.com>
Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b
Original-Reviewed-on: https://chromium-review.googlesource.com/264417
Reviewed-on: http://review.coreboot.org/9914
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>