[RFC,v2,0/2] Prevent alignment issues with "in place" FIT configurations

Message ID 20221106154111.872209-1-bjorn@mork.no

Message

Bjørn Mork Nov. 6, 2022, 3:41 p.m. UTC
Looking for some feedback on whether this is a problem wanting
to be solved, and if so, whether this solution would be acceptable
(after some polishing).

I recently hit alignment issues on a device where U-Boot has been
modified to force "in place" fdt loading regardless of the fdt_high
environment variable.  I realize that this is not a U-Boot problem,
but I still think that it would be worthwhile to make mkimage produce
FIT images suitable for such devices.

This is only one of many possible solutions.  The libfdt changes will
obviously have to be accepted by the dtc community.  I've posted a
similar request to the devicetree-compiler list with those changes.
The libfdt patch is included here for convenience.

The expected impact for U-Boot is only the tools/fit_image.c patch.


Bjørn 


Changes v2:
 - actually use the new fdt_alignprop() instead of an earlier PoC hack


Bjørn Mork (2):
  libfdt: add fdt_alignprop
  mkimage: Align fdt images in FIT to 8 bytes

 scripts/dtc/libfdt/fdt_rw.c          | 26 +++++++++++++++++++
 scripts/dtc/libfdt/fdt_wip.c         |  2 +-
 scripts/dtc/libfdt/libfdt.h          | 30 +++++++++++++++++++++
 scripts/dtc/libfdt/libfdt_internal.h |  1 +
 tools/fit_image.c                    | 39 ++++++++++++++++++++++++++++
 5 files changed, 97 insertions(+), 1 deletion(-)

Comments

Bjørn Mork Nov. 7, 2022, 1:33 p.m. UTC | #1
So if anyone looked at this, then you've noticed that it fails to
consider signing.

The design makes it hard to support the combination.  Alignment must run
last since signing may inject variable sized nodes before the fdt data
properties.  Signing must run last since it hashes the blob as it is,
including FDT_NOP tags and property order.

But we can trick this into working by signing before aligning to create
the signature nodes with their proper size and position, and then
sign again as a final step if we had to inject any FDT_NOP tags.

The attached fix works for me, creating valid signatures with aligned
images no matter how many times I re-sign the FIT with different length
signature comments.

Downsides are the obvious double signing, which we already accept for
resizing, and a build-up of FDT_NOP tags.  The latter is only an issue
if you re-sign with signature node size changes. And there's at most one
tag added per fdt node per signature update, so it's hardly a major
problem.


Bjørn
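
The FDT_NOP padding discussed in this thread, as an added example that is not part of the posted patches and is not the series' fdt_alignprop() implementation: a walker over the FDT structure block that finds "data" properties whose payload is not 8-byte aligned and inserts one FDT_NOP tag in front of each. The function names and the sample blob are constructed for illustration, and offsets are taken relative to the blob start, which assumes the FIT itself is loaded at an 8-byte aligned address.

```python
import struct

FDT_MAGIC, BEGIN_NODE, END_NODE, PROP, NOP, END = 0xD00DFEED, 1, 2, 3, 4, 9

def pad4(b):
    return b + b"\0" * (-len(b) % 4)

def node(name, payload):
    # One image node holding a single "data" property (string-table offset 0).
    return (struct.pack(">I", BEGIN_NODE) + pad4(name + b"\0")
            + struct.pack(">3I", PROP, len(payload), 0) + pad4(payload)
            + struct.pack(">I", END_NODE))

def sample_fit():
    # Constructed sample: v17 header, empty reserve map, two image nodes.
    body = (struct.pack(">I", BEGIN_NODE) + pad4(b"\0") + node(b"fdt", b"A" * 6)
            + node(b"fdt-2", b"B" * 8) + struct.pack(">2I", END_NODE, END))
    strings = b"data\0"
    off_struct, off_strings = 56, 56 + len(body)
    hdr = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct,
                      off_strings, 40, 17, 16, 0, len(strings), len(body))
    return hdr + b"\0" * 16 + body + strings

def data_props(blob, name=b"data"):
    # Return (tag_offset, data_offset) for every property called `name`.
    magic, _, pos, off_strings = struct.unpack_from(">4I", blob)
    if magic != FDT_MAGIC:
        raise ValueError("not an FDT blob")
    found = []
    while (tag := struct.unpack_from(">I", blob, pos)[0]) != END:
        if tag == BEGIN_NODE:
            name_len = blob.index(b"\0", pos + 4) - (pos + 4) + 1
            pos += 4 + ((name_len + 3) & ~3)
        elif tag == PROP:
            length, nameoff = struct.unpack_from(">2I", blob, pos + 4)
            s = off_strings + nameoff
            if blob[s:blob.index(b"\0", s)] == name:
                found.append((pos, pos + 12))
            pos += 12 + ((length + 3) & ~3)
        else:  # FDT_END_NODE or FDT_NOP
            pos += 4
    return found

def align_data(blob, align=8):
    # Put one FDT_NOP in front of each misaligned "data" property, fixing the header.
    nops = 0
    while bad := [t for t, d in data_props(blob) if d % align]:
        b = bytearray(blob[:bad[0]] + struct.pack(">I", NOP) + blob[bad[0]:])
        for field in (4, 12, 36):  # totalsize, off_dt_strings, size_dt_struct
            struct.pack_into(">I", b, field, struct.unpack_from(">I", b, field)[0] + 4)
        blob, nops = bytes(b), nops + 1
    return blob, nops
```

In the sample, padding the first property pushes the second, previously aligned one out of alignment, so two tags are needed. Each inserted tag changes the bytes of the blob, so a hash taken before alignment no longer matches afterwards, which is the ordering constraint comment #1 works around by signing again.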