| Message ID | 20181101034544.10194-1-sam@mendozajonas.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | lib/flash: Check if the partition is signed | expand |
On Thu, 2018-11-01 at 14:45 +1100, Samuel Mendoza-Jonas wrote: > In more recent firmware images built by op-build the VERSION partition > is signed, and includes a 'secure header'. Check for this and skip it if > found so we parse the version strings properly. > > Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> Merged as 6a9c33fe > --- > lib/flash/flash.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/lib/flash/flash.c b/lib/flash/flash.c > index b7e5b88b..804d9d2c 100644 > --- a/lib/flash/flash.c > +++ b/lib/flash/flash.c > @@ -31,6 +31,8 @@ > #include <libflash/file.h> > #include <libflash/ecc.h> > > +#define SECURE_BOOT_HEADERS_SIZE 4096 > +#define ROM_MAGIC_NUMBER 0x17082011 > > struct flash_info { > /* Device information */ > @@ -148,6 +150,16 @@ out: > return NULL; > } > > +/* See stb_is_container() in Skiboot */ > +static bool is_signed(char *buffer, uint32_t len) > +{ > + if (!buffer || len <= SECURE_BOOT_HEADERS_SIZE) > + return false; > + if (be32_to_cpu((uint32_t *)buffer) != ROM_MAGIC_NUMBER) > + return false; > + return true; > +} > + > int flash_parse_version(void *ctx, char ***versions, bool current) > { > char *saveptr, *tok, **tmp, *buffer; > @@ -182,6 +194,10 @@ int flash_parse_version(void *ctx, char ***versions, bool current) > goto out; > } > > + /* Check if this partition is signed */ > + if (is_signed(buffer, len)) > + buffer += SECURE_BOOT_HEADERS_SIZE; > + > /* open-power-platform */ > tok = strtok_r(buffer, delim, &saveptr); > if (tok) {
diff --git a/lib/flash/flash.c b/lib/flash/flash.c index b7e5b88b..804d9d2c 100644 --- a/lib/flash/flash.c +++ b/lib/flash/flash.c @@ -31,6 +31,8 @@ #include <libflash/file.h> #include <libflash/ecc.h> +#define SECURE_BOOT_HEADERS_SIZE 4096 +#define ROM_MAGIC_NUMBER 0x17082011 struct flash_info { /* Device information */ @@ -148,6 +150,16 @@ out: return NULL; } +/* See stb_is_container() in Skiboot */ +static bool is_signed(char *buffer, uint32_t len) +{ + if (!buffer || len <= SECURE_BOOT_HEADERS_SIZE) + return false; + if (be32_to_cpu((uint32_t *)buffer) != ROM_MAGIC_NUMBER) + return false; + return true; +} + int flash_parse_version(void *ctx, char ***versions, bool current) { char *saveptr, *tok, **tmp, *buffer; @@ -182,6 +194,10 @@ int flash_parse_version(void *ctx, char ***versions, bool current) goto out; } + /* Check if this partition is signed */ + if (is_signed(buffer, len)) + buffer += SECURE_BOOT_HEADERS_SIZE; + /* open-power-platform */ tok = strtok_r(buffer, delim, &saveptr); if (tok) {
In more recent firmware images built by op-build the VERSION partition is signed, and includes a 'secure header'. Check for this and skip it if found so we parse the version strings properly. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com> --- lib/flash/flash.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)