Commit Graph

14 Commits

Author SHA1 Message Date
Alex Thiessen 457d1c8fa2 util/broadcom/secimage: Add HMAC test
One of responsibilities of the `secimage` tool is signing the image
using the HMAC-SHA256 algorithm. The test being added verifies that
secimage's internal call yields same result as the according openssl
tool does.

Change-Id: I8de4328f435af56901a861e3d5e733657c3c7f78
Signed-off-by: Alex Thiessen <alex.thiessen.de+coreboot@gmail.com>
Reviewed-on: https://review.coreboot.org/23474
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2018-02-06 16:14:33 +00:00
Alex Thiessen 00a455c8a7 util/broadcom/secimage: Add OpenSSL 1.1 support
The `secimage` utility uses OpenSSL to calculate HMAC, which it does in
a rather unorthodox way, using deprecated `HMAC_CTX_init` API and
repeated calling of `HMAC_Init_ex` without a clear reason. The former
causes build errors with OpenSSL 1.1 while the rest of the
`HmacSha256Hash` function is confusing and overly complex.

Make `HmacSha256Hash` use a single OpenSSL API call. Test passed:
resulting signed binary remains identical.

Change-Id: Ib23c0ad96f9d8cc30ad357de8c0b0ba967c7d724
Signed-off-by: Alex Thiessen <alex.thiessen.de+coreboot@gmail.com>
Reviewed-on: https://review.coreboot.org/23069
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2018-01-14 23:11:40 +00:00
Patrick Georgi ca80196ae2 util/broadcom: Check for successful file access
Change-Id: I5c77b3c5ea3fbc249a8c564a521c2c3c45e1c560
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323510
Reviewed-on: https://review.coreboot.org/17877
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 18:22:43 +01:00
Patrick Georgi 8c47b1f833 util/broadcom: Add two more NULL checks
Change-Id: I088730fd87dd39fa2c36a06c5770fad05a5808b0
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323511, #1323512
Reviewed-on: https://review.coreboot.org/17882
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:56:35 +01:00
Patrick Georgi a3e928cdf6 util/broadcom: Check return value of stat()
Change-Id: Ib53408e8b186c07aa8e42c67131d39c4add05983
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323515
Reviewed-on: https://review.coreboot.org/17881
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:56:08 +01:00
Patrick Georgi 3d51a6ac99 util/broadcom: Initialize variable
It's later tested for NULL, but never initialized to make that test work
reliably.

Change-Id: Iadee1af224507a6dd39956306f3eafa687895176
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323515
Reviewed-on: https://review.coreboot.org/17880
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:55:53 +01:00
Patrick Georgi 6e50e33aea util/broadcom: Close file after use
Change-Id: Ieea7ac7fbc618cd12f843f1606f9ebab37cae67e
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323508
Reviewed-on: https://review.coreboot.org/17879
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:55:33 +01:00
Patrick Georgi 856a3ab7c7 util/broadcom: Terminate string
filebuffer is treated like a string, so it should be zero-terminated
like a string.

Change-Id: I078aa39906394be64023424731fe0c7ae2019899
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323473
Reviewed-on: https://review.coreboot.org/17878
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:55:18 +01:00
Patrick Georgi 5f771dca27 util/broadcom: close file on error
Change-Id: I5193c6a9f08398b881c971c7175654ba5775b34a
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Found-by: Coverity Scan #1323509
Reviewed-on: https://review.coreboot.org/17876
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16 15:54:51 +01:00
Stefan Reinauer 03597d0f01 secimage: Use libz's crc32 function
This is to trick libreboot into not deleting misc.c when checking
out coreboot.

Change-Id: I8f0bb5cb3eb5681f99c616ae03de126efab852a9
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: http://review.coreboot.org/11134
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-08-09 12:34:24 +02:00
Stefan Reinauer 9dd8f88841 secimage: reformat
Change-Id: Ibfa8b6b60b2b39212cef27bb2a5f8849218164bb
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: http://review.coreboot.org/11133
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-08-09 12:34:15 +02:00
Stefan Reinauer 1db856d08a secimage: Don't link in gmp library
secimage does not use libgmp, so don't link it in.
(Otherwise linking fails if the library is not installed)

Change-Id: I24af21c7754ecd0109f3e86669fa34fa6991d7fe
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: http://review.coreboot.org/11079
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-07-31 17:40:32 +02:00
Patrick Georgi 392e9b156e util/broadcom: specify libraries after object files
Some compilers and linkers require a strict order or fail to find
all symbols.

Change-Id: I3f44bec1f0e21e7313a751fbc99c61c1aa9b7cf1
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-on: http://review.coreboot.org/9962
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-22 19:36:29 +02:00
Daisuke Nojiri e1741c512c broadcom/cygnus: add secimage and sign bootblock
secimage is a tool which adds a header and signature to the binary
first loaded by the soc. ARM core frequency is set to 1 Ghz.

BUG=chrome-os-partner:36421
BRANCH=broadcom-firmware
TEST=booted b0 board

Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155
Original-Reviewed-by: Scott Branden <sbranden@broadcom.com>
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
Original-Tested-by: Daisuke Nojiri <dnojiri@google.com>
Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b
Original-Reviewed-on: https://chromium-review.googlesource.com/264417
Reviewed-on: http://review.coreboot.org/9914
Tested-by: build bot (Jenkins)
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-22 08:59:18 +02:00