Re: [PATCH v6 15/16] cmd: verify: initial import
Hi Simon, Le 28/03/2022 à 08:35, Simon Glass a écrit : Hi Philippe, On Thu, 10 Mar 2022 at 09:53, Philippe REYNES wrote: Hi Simon, Le 03/03/2022 à 04:37, Simon Glass a écrit : Hi Philippe, On Fri, 25 Feb 2022 at 07:58, Philippe Reynes wrote: Add the command verify that check the signature of an image with the pre-load header. If the check succeed, the u-boot env variable 'loadaddr_verified' is set to the address of the image (without the header). It allows to run such commands: tftp script.img && verify $loadaddr && source $loadaddr_verified Signed-off-by: Philippe Reynes --- cmd/Kconfig | 7 +++ cmd/Makefile | 1 + cmd/verify.c | 53 3 files changed, 61 insertions(+) create mode 100644 cmd/verify.c Using the 'verify' command seems a bit vague. Could it be a sub-command of bootm perhaps? The command verify may be used with any binary (script, video firmware, .). So a lot of binaries that are not launched by bootm. I think that it is not "logic" to used a bootm subcommand. But we could use another name if you want. For example : pre_load_verify ? I see. Well, I suppose this is a boot loader, so 'verify' would be expected to mean verifying an image or something to boot, so this seems reasonable to me. But I do like the idea of putting pre_load in there somewhere if you can, since we do most other verification as part of the 'bootm' command. Up to you. I have sent a v8 where I remove the command pre_load_verify, and add the subcommand preload to bootm. Reviewed-by: Simon Glass Regards, Simon Regards, Philippe
Re: [PATCH v6 15/16] cmd: verify: initial import
Hi Philippe, On Thu, 10 Mar 2022 at 09:53, Philippe REYNES wrote: > > Hi Simon, > > > Le 03/03/2022 à 04:37, Simon Glass a écrit : > > Hi Philippe, > > > > On Fri, 25 Feb 2022 at 07:58, Philippe Reynes > > wrote: > >> Add the command verify that check the signature of > >> an image with the pre-load header. If the check > >> succeed, the u-boot env variable 'loadaddr_verified' > >> is set to the address of the image (without the header). > >> > >> It allows to run such commands: > >> tftp script.img && verify $loadaddr && source $loadaddr_verified > >> > >> Signed-off-by: Philippe Reynes > >> --- > >> cmd/Kconfig | 7 +++ > >> cmd/Makefile | 1 + > >> cmd/verify.c | 53 > >> 3 files changed, 61 insertions(+) > >> create mode 100644 cmd/verify.c > >> > > Using the 'verify' command seems a bit vague. Could it be a > > sub-command of bootm perhaps? > > > The command verify may be used with any binary (script, video firmware, > .). > So a lot of binaries that are not launched by bootm. > I think that it is not "logic" to used a bootm subcommand. > But we could use another name if you want. > For example : pre_load_verify ? I see. Well, I suppose this is a boot loader, so 'verify' would be expected to mean verifying an image or something to boot, so this seems reasonable to me. But I do like the idea of putting pre_load in there somewhere if you can, since we do most other verification as part of the 'bootm' command. Up to you. Reviewed-by: Simon Glass Regards, Simon
Re: [PATCH v6 15/16] cmd: verify: initial import
Hi Simon,
Le 03/03/2022 à 04:37, Simon Glass a écrit :
Hi Philippe,
On Fri, 25 Feb 2022 at 07:58, Philippe Reynes
wrote:
Add the command verify that check the signature of
an image with the pre-load header. If the check
succeed, the u-boot env variable 'loadaddr_verified'
is set to the address of the image (without the header).
It allows to run such commands:
tftp script.img && verify $loadaddr && source $loadaddr_verified
Signed-off-by: Philippe Reynes
---
cmd/Kconfig | 7 +++
cmd/Makefile | 1 +
cmd/verify.c | 53
3 files changed, 61 insertions(+)
create mode 100644 cmd/verify.c
Using the 'verify' command seems a bit vague. Could it be a
sub-command of bootm perhaps?
The command verify may be used with any binary (script, video firmware,
.).
So a lot of binaries that are not launched by bootm.
I think that it is not "logic" to used a bootm subcommand.
But we could use another name if you want.
For example : pre_load_verify ?
diff --git a/cmd/Kconfig b/cmd/Kconfig
index 87aa3fb11a..0460d5c3a0 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD
There is no documentation about this within the U-Boot source code
but you should be able to find something on the interwebs.
+config CMD_VERIFY
+ bool "verify the global signature"
+depends on CMD_BOOTM_PRE_LOAD
+ help
+ Verify the signature provided in a pre-load header of
+ a full image.
Please point to docs here
+
config CMD_ZBOOT
bool "zboot - x86 boot command"
help
diff --git a/cmd/Makefile b/cmd/Makefile
index 166c652d98..80e054e806 100644
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o
obj-$(CONFIG_CMD_XIMG) += ximg.o
obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o
obj-$(CONFIG_CMD_SPL) += spl.o
+obj-$(CONFIG_CMD_VERIFY) += verify.o
obj-$(CONFIG_CMD_W1) += w1.o
obj-$(CONFIG_CMD_ZIP) += zip.o
obj-$(CONFIG_CMD_ZFS) += zfs.o
diff --git a/cmd/verify.c b/cmd/verify.c
new file mode 100644
index 00..4d055e0790
--- /dev/null
+++ b/cmd/verify.c
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2022 Philippe Reynes
+ */
+
+#include
+#include
+#include
+#include
+
+static ulong verify_get_addr(int argc, char *const argv[])
+{
+ ulong addr;
+
+ if (argc > 0)
+ addr = simple_strtoul(argv[0], NULL, 16);
hextoul
+ else
+ addr = image_load_addr;
+
+ return addr;
+}
+
+static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc,
+char *const argv[])
+{
+ ulong addr = verify_get_addr(argc, argv);
+ int ret = 0;
+
+ argc--; argv++;
+
+ addr = verify_get_addr(argc, argv);
+
+ if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) {
+ ret = image_pre_load(addr);
+
+ if (ret) {
+ ret = CMD_RET_FAILURE;
+ goto out;
+ }
+
+ env_set_hex("loadaddr_verified", addr + image_load_offset);
+ }
+
+ out:
+ return ret;
+}
+
+U_BOOT_CMD(verify, 2, 1, do_verify,
+ "verify the global signature provided in the pre-load header,\n"
+ "\tif the check succeed, the u-boot env variable loadaddr_verified\n"
+ "\tis set to the address of the image (without the header)",
+ ""
+);
--
2.17.1
Regards,
Simon
Regards,
Philippe
Re: [PATCH v6 15/16] cmd: verify: initial import
Hi Philippe,
On Fri, 25 Feb 2022 at 07:58, Philippe Reynes
wrote:
>
> Add the command verify that check the signature of
> an image with the pre-load header. If the check
> succeed, the u-boot env variable 'loadaddr_verified'
> is set to the address of the image (without the header).
>
> It allows to run such commands:
> tftp script.img && verify $loadaddr && source $loadaddr_verified
>
> Signed-off-by: Philippe Reynes
> ---
> cmd/Kconfig | 7 +++
> cmd/Makefile | 1 +
> cmd/verify.c | 53
> 3 files changed, 61 insertions(+)
> create mode 100644 cmd/verify.c
>
Using the 'verify' command seems a bit vague. Could it be a
sub-command of bootm perhaps?
> diff --git a/cmd/Kconfig b/cmd/Kconfig
> index 87aa3fb11a..0460d5c3a0 100644
> --- a/cmd/Kconfig
> +++ b/cmd/Kconfig
> @@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD
> There is no documentation about this within the U-Boot source code
> but you should be able to find something on the interwebs.
>
> +config CMD_VERIFY
> + bool "verify the global signature"
> +depends on CMD_BOOTM_PRE_LOAD
> + help
> + Verify the signature provided in a pre-load header of
> + a full image.
Please point to docs here
> +
> config CMD_ZBOOT
> bool "zboot - x86 boot command"
> help
> diff --git a/cmd/Makefile b/cmd/Makefile
> index 166c652d98..80e054e806 100644
> --- a/cmd/Makefile
> +++ b/cmd/Makefile
> @@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o
> obj-$(CONFIG_CMD_XIMG) += ximg.o
> obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o
> obj-$(CONFIG_CMD_SPL) += spl.o
> +obj-$(CONFIG_CMD_VERIFY) += verify.o
> obj-$(CONFIG_CMD_W1) += w1.o
> obj-$(CONFIG_CMD_ZIP) += zip.o
> obj-$(CONFIG_CMD_ZFS) += zfs.o
> diff --git a/cmd/verify.c b/cmd/verify.c
> new file mode 100644
> index 00..4d055e0790
> --- /dev/null
> +++ b/cmd/verify.c
> @@ -0,0 +1,53 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright (C) 2022 Philippe Reynes
> + */
> +
> +#include
> +#include
> +#include
> +#include
> +
> +static ulong verify_get_addr(int argc, char *const argv[])
> +{
> + ulong addr;
> +
> + if (argc > 0)
> + addr = simple_strtoul(argv[0], NULL, 16);
hextoul
> + else
> + addr = image_load_addr;
> +
> + return addr;
> +}
> +
> +static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc,
> +char *const argv[])
> +{
> + ulong addr = verify_get_addr(argc, argv);
> + int ret = 0;
> +
> + argc--; argv++;
> +
> + addr = verify_get_addr(argc, argv);
> +
> + if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) {
> + ret = image_pre_load(addr);
> +
> + if (ret) {
> + ret = CMD_RET_FAILURE;
> + goto out;
> + }
> +
> + env_set_hex("loadaddr_verified", addr + image_load_offset);
> + }
> +
> + out:
> + return ret;
> +}
> +
> +U_BOOT_CMD(verify, 2, 1, do_verify,
> + "verify the global signature provided in the pre-load header,\n"
> + "\tif the check succeed, the u-boot env variable
> loadaddr_verified\n"
> + "\tis set to the address of the image (without the header)",
> + ""
> +);
> --
> 2.17.1
>
Regards,
Simon
[PATCH v6 15/16] cmd: verify: initial import
Add the command verify that check the signature of
an image with the pre-load header. If the check
succeed, the u-boot env variable 'loadaddr_verified'
is set to the address of the image (without the header).
It allows to run such commands:
tftp script.img && verify $loadaddr && source $loadaddr_verified
Signed-off-by: Philippe Reynes
---
cmd/Kconfig | 7 +++
cmd/Makefile | 1 +
cmd/verify.c | 53
3 files changed, 61 insertions(+)
create mode 100644 cmd/verify.c
diff --git a/cmd/Kconfig b/cmd/Kconfig
index 87aa3fb11a..0460d5c3a0 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -428,6 +428,13 @@ config CMD_THOR_DOWNLOAD
There is no documentation about this within the U-Boot source code
but you should be able to find something on the interwebs.
+config CMD_VERIFY
+ bool "verify the global signature"
+depends on CMD_BOOTM_PRE_LOAD
+ help
+ Verify the signature provided in a pre-load header of
+ a full image.
+
config CMD_ZBOOT
bool "zboot - x86 boot command"
help
diff --git a/cmd/Makefile b/cmd/Makefile
index 166c652d98..80e054e806 100644
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_THOR_DOWNLOAD) += thordown.o
obj-$(CONFIG_CMD_XIMG) += ximg.o
obj-$(CONFIG_CMD_YAFFS2) += yaffs2.o
obj-$(CONFIG_CMD_SPL) += spl.o
+obj-$(CONFIG_CMD_VERIFY) += verify.o
obj-$(CONFIG_CMD_W1) += w1.o
obj-$(CONFIG_CMD_ZIP) += zip.o
obj-$(CONFIG_CMD_ZFS) += zfs.o
diff --git a/cmd/verify.c b/cmd/verify.c
new file mode 100644
index 00..4d055e0790
--- /dev/null
+++ b/cmd/verify.c
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2022 Philippe Reynes
+ */
+
+#include
+#include
+#include
+#include
+
+static ulong verify_get_addr(int argc, char *const argv[])
+{
+ ulong addr;
+
+ if (argc > 0)
+ addr = simple_strtoul(argv[0], NULL, 16);
+ else
+ addr = image_load_addr;
+
+ return addr;
+}
+
+static int do_verify(struct cmd_tbl *cmdtp, int flag, int argc,
+char *const argv[])
+{
+ ulong addr = verify_get_addr(argc, argv);
+ int ret = 0;
+
+ argc--; argv++;
+
+ addr = verify_get_addr(argc, argv);
+
+ if (CONFIG_IS_ENABLED(CMD_BOOTM_PRE_LOAD)) {
+ ret = image_pre_load(addr);
+
+ if (ret) {
+ ret = CMD_RET_FAILURE;
+ goto out;
+ }
+
+ env_set_hex("loadaddr_verified", addr + image_load_offset);
+ }
+
+ out:
+ return ret;
+}
+
+U_BOOT_CMD(verify, 2, 1, do_verify,
+ "verify the global signature provided in the pre-load header,\n"
+ "\tif the check succeed, the u-boot env variable loadaddr_verified\n"
+ "\tis set to the address of the image (without the header)",
+ ""
+);
--
2.17.1
