Commit Graph

16 Commits

Author SHA1 Message Date
Yegor Timoshenko c2e4941367 treewide: use /usr/bin/env where appropriate
Some Unix systems (GuixSD, NixOS) do not install programs like
Bash and Python to /usr/bin, and /usr/bin/env has to be used to
locate these instead.

Change-Id: I7546bcb881c532adc984577ecb0ee2ec4f2efe00
Signed-off-by: Yegor Timoshenko <yegortimoshenko@riseup.net>
Reviewed-on: https://review.coreboot.org/28953
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2018-11-17 07:32:03 +00:00
Martin Roth 681bf41087 util/broadcom/secimage: Add distclean target
When running 'make distclean' on coreboot, the build cleans the tools
as well. Since secimage didn't have a distclean target, it gave an error
that the distclean target didn't exist.  This didn't actually affect
anything more than the secimage clean, but it was impossible to tell
that from the warning:

% make distclean
make[1]: *** No rule to make target 'distclean'.  Stop.

Change-Id: I4b4bcc1ab48e767218d31e455d23527acedf4953
Signed-off-by: Martin Roth <martinroth@google.com>
Reviewed-on: https://review.coreboot.org/23666
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2018-02-10 23:49:58 +00:00
Alex Thiessen 457d1c8fa2 util/broadcom/secimage: Add HMAC test
One of responsibilities of the `secimage` tool is signing the image
using the HMAC-SHA256 algorithm. The test being added verifies that
secimage's internal call yields same result as the according openssl
tool does.

Change-Id: I8de4328f435af56901a861e3d5e733657c3c7f78
Signed-off-by: Alex Thiessen <alex.thiessen.de+coreboot@gmail.com>
Reviewed-on: https://review.coreboot.org/23474
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2018-02-06 16:14:33 +00:00
Alex Thiessen 00a455c8a7 util/broadcom/secimage: Add OpenSSL 1.1 support
The `secimage` utility uses OpenSSL to calculate HMAC, which it does in
a rather unorthodox way, using deprecated `HMAC_CTX_init` API and
repeated calling of `HMAC_Init_ex` without a clear reason. The former
causes build errors with OpenSSL 1.1 while the rest of the
`HmacSha256Hash` function is confusing and overly complex.

Make `HmacSha256Hash` use a single OpenSSL API call. Test passed:
resulting signed binary remains identical.

Change-Id: Ib23c0ad96f9d8cc30ad357de8c0b0ba967c7d724
Signed-off-by: Alex Thiessen <alex.thiessen.de+coreboot@gmail.com>
Reviewed-on: https://review.coreboot.org/23069
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2018-01-14 23:11:40 +00:00
Patrick Georgi ca80196ae2 util/broadcom: Check for successful file access
Change-Id: I5c77b3c5ea3fbc249a8c564a521c2c3c45e1c560
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323510
Reviewed-on: https://review.coreboot.org/17877
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 18:22:43 +01:00
Patrick Georgi 8c47b1f833 util/broadcom: Add two more NULL checks
Change-Id: I088730fd87dd39fa2c36a06c5770fad05a5808b0
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323511, #1323512
Reviewed-on: https://review.coreboot.org/17882
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:56:35 +01:00
Patrick Georgi a3e928cdf6 util/broadcom: Check return value of stat()
Change-Id: Ib53408e8b186c07aa8e42c67131d39c4add05983
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323515
Reviewed-on: https://review.coreboot.org/17881
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:56:08 +01:00
Patrick Georgi 3d51a6ac99 util/broadcom: Initialize variable
It's later tested for NULL, but never initialized to make that test work
reliably.

Change-Id: Iadee1af224507a6dd39956306f3eafa687895176
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323515
Reviewed-on: https://review.coreboot.org/17880
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:55:53 +01:00
Patrick Georgi 6e50e33aea util/broadcom: Close file after use
Change-Id: Ieea7ac7fbc618cd12f843f1606f9ebab37cae67e
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323508
Reviewed-on: https://review.coreboot.org/17879
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:55:33 +01:00
Patrick Georgi 856a3ab7c7 util/broadcom: Terminate string
filebuffer is treated like a string, so it should be zero-terminated
like a string.

Change-Id: I078aa39906394be64023424731fe0c7ae2019899
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323473
Reviewed-on: https://review.coreboot.org/17878
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:55:18 +01:00
Patrick Georgi 5f771dca27 util/broadcom: close file on error
Change-Id: I5193c6a9f08398b881c971c7175654ba5775b34a
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323509
Reviewed-on: https://review.coreboot.org/17876
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:54:51 +01:00
Stefan Reinauer 03597d0f01 secimage: Use libz's crc32 function
This is to trick libreboot into not deleting misc.c when checking
out coreboot.

Change-Id: I8f0bb5cb3eb5681f99c616ae03de126efab852a9
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: http://review.coreboot.org/11134
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-08-09 12:34:24 +02:00
Stefan Reinauer 9dd8f88841 secimage: reformat
Change-Id: Ibfa8b6b60b2b39212cef27bb2a5f8849218164bb
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: http://review.coreboot.org/11133
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-08-09 12:34:15 +02:00
Stefan Reinauer 1db856d08a secimage: Don't link in gmp library
secimage does not use libgmp, so don't link it in.
(Otherwise linking fails if the library is not installed)

Change-Id: I24af21c7754ecd0109f3e86669fa34fa6991d7fe
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: http://review.coreboot.org/11079
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-07-31 17:40:32 +02:00
Patrick Georgi 392e9b156e util/broadcom: specify libraries after object files
Some compilers and linkers require a strict order or fail to find
all symbols.

Change-Id: I3f44bec1f0e21e7313a751fbc99c61c1aa9b7cf1
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/9962
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-22 19:36:29 +02:00
Daisuke Nojiri e1741c512c broadcom/cygnus: add secimage and sign bootblock
secimage is a tool which adds a header and signature to the binary
first loaded by the soc. ARM core frequency is set to 1 Ghz.

BUG=chrome-os-partner:36421
BRANCH=broadcom-firmware
TEST=booted b0 board

Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155
Original-Reviewed-by: Scott Branden <sbranden@broadcom.com>
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
Original-Tested-by: Daisuke Nojiri <dnojiri@google.com>
Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b
Original-Reviewed-on: https://chromium-review.googlesource.com/264417
Reviewed-on: http://review.coreboot.org/9914
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-22 08:59:18 +02:00