Get rid of CRC in image header. Replace that with SHA256 TLV at the end of the image.
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/commit/88ef41b0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/tree/88ef41b0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/diff/88ef41b0 Branch: refs/heads/develop Commit: 88ef41b0220a034ec9488a72c1d6d2b8e34f0f34 Parents: e4bba16 Author: Marko Kiiskila <[email protected]> Authored: Tue Feb 16 15:30:24 2016 -0800 Committer: Marko Kiiskila <[email protected]> Committed: Tue Feb 16 15:30:24 2016 -0800 ---------------------------------------------------------------------- libs/bootutil/include/bootutil/image.h | 25 +++++++++++++++++++++---- libs/bootutil/pkg.yml | 1 + libs/bootutil/src/bootutil_priv.h | 2 ++ libs/bootutil/src/loader.c | 14 ++++++++++++-- libs/bootutil/src/test/boot_test.c | 19 ------------------- project/bin2img/src/bin2img.c | 11 +---------- project/boot/boot.yml | 1 + 7 files changed, 38 insertions(+), 35 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/blob/88ef41b0/libs/bootutil/include/bootutil/image.h ---------------------------------------------------------------------- diff --git a/libs/bootutil/include/bootutil/image.h b/libs/bootutil/include/bootutil/image.h index 3881695..f55de58 100644 --- a/libs/bootutil/include/bootutil/image.h +++ b/libs/bootutil/include/bootutil/image.h @@ -25,12 +25,19 @@ #define IMAGE_MAGIC 0x96f3b83c #define IMAGE_MAGIC_NONE 0xffffffff +/* + * Image header flags. + */ #define IMAGE_F_PIC 0x00000001 - -#define IMAGE_HEADER_CRC_OFFSET 4 +#define IMAGE_F_HAS_SHA256 0x00000002 /* Image contains hash TLV */ #define IMAGE_HEADER_SIZE 32 +/* + * Image trailer TLV types. + */ +#define IMAGE_TLV_SHA256 1 /* SHA256 of image hdr and body */ + struct image_version { uint8_t iv_major; uint8_t iv_minor; @@ -41,15 +48,25 @@ struct image_version { /** Image header. All fields are in little endian byte order. */ struct image_header { uint32_t ih_magic; - uint32_t ih_crc32; /* Covers remainder of header and all of image body. */ + uint32_t ih_tlv_size; /* Trailing TLVs */ uint32_t ih_hdr_size; uint32_t ih_img_size; /* Does not include header. */ uint32_t ih_flags; struct image_version ih_ver; - uint32_t _pad; + uint32_t _pad2; +}; + +/** Image trailer TLV format. All fields in little endian. */ +struct image_tlv { + uint8_t it_type; + uint8_t _pad; + uint16_t it_len; }; _Static_assert(sizeof(struct image_header) == IMAGE_HEADER_SIZE, "struct image_header not required size"); +int bootutil_img_validate(struct image_header *hdr, uint8_t flash_id, + uint32_t addr, uint8_t *tmp_buf, uint32_t tmp_buf_sz); + #endif http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/blob/88ef41b0/libs/bootutil/pkg.yml ---------------------------------------------------------------------- diff --git a/libs/bootutil/pkg.yml b/libs/bootutil/pkg.yml index a018fc6..0082aa2 100644 --- a/libs/bootutil/pkg.yml +++ b/libs/bootutil/pkg.yml @@ -23,4 +23,5 @@ pkg.deps: - fs/nffs - libs/os - libs/testutil + - libs/mbedtls - hw/hal http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/blob/88ef41b0/libs/bootutil/src/bootutil_priv.h ---------------------------------------------------------------------- diff --git a/libs/bootutil/src/bootutil_priv.h b/libs/bootutil/src/bootutil_priv.h index be42069..e9680c7 100644 --- a/libs/bootutil/src/bootutil_priv.h +++ b/libs/bootutil/src/bootutil_priv.h @@ -36,6 +36,8 @@ struct image_header; #define BOOT_PATH_TEST "/boot/test" #define BOOT_PATH_STATUS "/boot/status" +#define BOOT_TMPBUF_SZ 256 + struct boot_status { uint32_t bs_img1_length; uint32_t bs_img2_length; http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/blob/88ef41b0/libs/bootutil/src/loader.c ---------------------------------------------------------------------- diff --git a/libs/bootutil/src/loader.c b/libs/bootutil/src/loader.c index c918a16..e9c4b8c 100644 --- a/libs/bootutil/src/loader.c +++ b/libs/bootutil/src/loader.c @@ -6,7 +6,7 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, @@ -632,6 +632,7 @@ int boot_go(const struct boot_req *req, struct boot_rsp *rsp) { struct boot_image_location image_addrs[BOOT_NUM_SLOTS]; + void *tmpbuf; int slot; int rc; int i; @@ -660,9 +661,9 @@ boot_go(const struct boot_req *req, struct boot_rsp *rsp) boot_req->br_num_image_areas); if (rc == 0) { /* We are resuming an interrupted image copy. */ + /* XXX if copy has not actually started yet, validate image */ rc = boot_copy_image(boot_status.bs_img1_length, boot_status.bs_img2_length); - if (rc != 0) { /* We failed to put the images back together; there is really no * solution here. @@ -701,6 +702,15 @@ boot_go(const struct boot_req *req, struct boot_rsp *rsp) return BOOT_EBADIMAGE; } } + tmpbuf = malloc(BOOT_TMPBUF_SZ); + if (!tmpbuf) { + return BOOT_ENOMEM; + } + if (bootutil_img_validate(&boot_img_hdrs[slot], + image_addrs[slot].bil_flash_id, image_addrs[slot].bil_address, + tmpbuf, BOOT_TMPBUF_SZ)) { + return BOOT_EBADIMAGE; + } switch (slot) { case 0: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/blob/88ef41b0/libs/bootutil/src/test/boot_test.c ---------------------------------------------------------------------- diff --git a/libs/bootutil/src/test/boot_test.c b/libs/bootutil/src/test/boot_test.c index eb7852d..b531708 100644 --- a/libs/bootutil/src/test/boot_test.c +++ b/libs/bootutil/src/test/boot_test.c @@ -367,7 +367,6 @@ TEST_CASE(boot_test_nv_ns_10) struct image_header hdr = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 12 * 1024, .ih_flags = 0, @@ -404,7 +403,6 @@ TEST_CASE(boot_test_nv_ns_01) struct image_header hdr = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 10 * 1024, .ih_flags = 0, @@ -440,7 +438,6 @@ TEST_CASE(boot_test_nv_ns_11) struct image_header hdr0 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 5 * 1024, .ih_flags = 0, @@ -449,7 +446,6 @@ TEST_CASE(boot_test_nv_ns_11) struct image_header hdr1 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 32 * 1024, .ih_flags = 0, @@ -487,7 +483,6 @@ TEST_CASE(boot_test_vm_ns_10) struct image_header hdr = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 12 * 1024, .ih_flags = 0, @@ -527,7 +522,6 @@ TEST_CASE(boot_test_vm_ns_01) struct image_header hdr = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 10 * 1024, .ih_flags = 0, @@ -566,7 +560,6 @@ TEST_CASE(boot_test_vm_ns_11_a) struct image_header hdr0 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 5 * 1024, .ih_flags = 0, @@ -575,7 +568,6 @@ TEST_CASE(boot_test_vm_ns_11_a) struct image_header hdr1 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 32 * 1024, .ih_flags = 0, @@ -615,7 +607,6 @@ TEST_CASE(boot_test_vm_ns_11_b) struct image_header hdr0 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 5 * 1024, .ih_flags = 0, @@ -624,7 +615,6 @@ TEST_CASE(boot_test_vm_ns_11_b) struct image_header hdr1 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 32 * 1024, .ih_flags = 0, @@ -664,7 +654,6 @@ TEST_CASE(boot_test_vm_ns_11_2areas) struct image_header hdr0 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 5 * 1024, .ih_flags = 0, @@ -673,7 +662,6 @@ TEST_CASE(boot_test_vm_ns_11_2areas) struct image_header hdr1 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 196 * 1024, .ih_flags = 0, @@ -715,7 +703,6 @@ TEST_CASE(boot_test_nv_bs_10) struct image_header hdr = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 12 * 1024, .ih_flags = 0, @@ -765,7 +752,6 @@ TEST_CASE(boot_test_nv_bs_11) struct image_header hdr0 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 12 * 1024, .ih_flags = 0, @@ -774,7 +760,6 @@ TEST_CASE(boot_test_nv_bs_11) struct image_header hdr1 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 17 * 1024, .ih_flags = 0, @@ -828,7 +813,6 @@ TEST_CASE(boot_test_nv_bs_11_2areas) struct image_header hdr0 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 150 * 1024, .ih_flags = 0, @@ -837,7 +821,6 @@ TEST_CASE(boot_test_nv_bs_11_2areas) struct image_header hdr1 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 190 * 1024, .ih_flags = 0, @@ -893,7 +876,6 @@ TEST_CASE(boot_test_vb_ns_11) struct image_header hdr0 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 5 * 1024, .ih_flags = 0, @@ -902,7 +884,6 @@ TEST_CASE(boot_test_vb_ns_11) struct image_header hdr1 = { .ih_magic = IMAGE_MAGIC, - .ih_crc32 = 0, .ih_hdr_size = BOOT_TEST_HEADER_SIZE, .ih_img_size = 32 * 1024, .ih_flags = 0, http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/blob/88ef41b0/project/bin2img/src/bin2img.c ---------------------------------------------------------------------- diff --git a/project/bin2img/src/bin2img.c b/project/bin2img/src/bin2img.c index 8706191..1732b33 100644 --- a/project/bin2img/src/bin2img.c +++ b/project/bin2img/src/bin2img.c @@ -6,7 +6,7 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, @@ -67,9 +67,6 @@ main(int argc, char **argv) uint8_t *buf; FILE *fpout; FILE *fpin; - int crc_field_off; - int crc_start; - int crc_len; int rc; if (argc < 4) { @@ -134,12 +131,6 @@ main(int argc, char **argv) hdr.ih_img_size = st.st_size; memcpy(buf, &hdr, sizeof hdr); - crc_field_off = offsetof(struct image_header, ih_crc32); - crc_start = crc_field_off + sizeof hdr.ih_crc32; - crc_len = sizeof hdr - crc_start + st.st_size; - hdr.ih_crc32 = crc32(0, buf + crc_start, crc_len); - memcpy(buf + crc_field_off, &hdr.ih_crc32, sizeof hdr.ih_crc32); - rc = fwrite(buf, sizeof hdr + st.st_size, 1, fpout); if (rc != 1) { fprintf(stderr, "* error: file write error (file=%s)\n", argv[2]); http://git-wip-us.apache.org/repos/asf/incubator-mynewt-larva/blob/88ef41b0/project/boot/boot.yml ---------------------------------------------------------------------- diff --git a/project/boot/boot.yml b/project/boot/boot.yml index 3509cba..c3cf33a 100644 --- a/project/boot/boot.yml +++ b/project/boot/boot.yml @@ -26,3 +26,4 @@ project.pkgs: - libs/console/stub - libs/util - libs/baselibc + - libs/mbedtls
