Adds support for the pre-load header with the image signature
to binman.
Reviewed-by: Simon Glass
Signed-off-by: Philippe Reynes
---
tools/binman/entries.rst | 38
tools/binman/etype/pre_load.py| 162 ++
tools/binman/ftest.py | 51 ++
tools/binman/test/225_dev.key | 28 +++
tools/binman/test/225_pre_load.dts| 22 +++
tools/binman/test/226_pre_load_pkcs.dts | 23 +++
tools/binman/test/227_pre_load_pss.dts| 23 +++
.../test/228_pre_load_invalid_padding.dts | 23 +++
.../binman/test/229_pre_load_invalid_sha.dts | 23 +++
.../binman/test/230_pre_load_invalid_algo.dts | 23 +++
.../binman/test/231_pre_load_invalid_key.dts | 23 +++
11 files changed, 439 insertions(+)
create mode 100644 tools/binman/etype/pre_load.py
create mode 100644 tools/binman/test/225_dev.key
create mode 100644 tools/binman/test/225_pre_load.dts
create mode 100644 tools/binman/test/226_pre_load_pkcs.dts
create mode 100644 tools/binman/test/227_pre_load_pss.dts
create mode 100644 tools/binman/test/228_pre_load_invalid_padding.dts
create mode 100644 tools/binman/test/229_pre_load_invalid_sha.dts
create mode 100644 tools/binman/test/230_pre_load_invalid_algo.dts
create mode 100644 tools/binman/test/231_pre_load_invalid_key.dts
diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst
index 484cde5c80..ef8351d969 100644
--- a/tools/binman/entries.rst
+++ b/tools/binman/entries.rst
@@ -1009,6 +1009,44 @@ placed at offset 'RESET_VECTOR_ADDRESS - 0xffc'.
+Entry: pre-load: Pre load image header
+--
+
+Properties / Entry arguments:
+- key-path: Path of the directory that store key (provided by the
environment variable KEY_PATH)
+- content: List of phandles to entries to sign
+- algo-name: Hash and signature algo to use for the signature
+- padding-name: Name of the padding (pkcs-1.5 or pss)
+- key-name: Filename of the private key to sign
+- header-size: Total size of the header
+- version: Version of the header
+
+This entry creates a pre-load header that contains a global
+image signature.
+
+For example, this creates an image with a pre-load header and a binary::
+
+binman {
+image2 {
+filename = "sandbox.bin";
+
+pre-load {
+content = <>;
+algo-name = "sha256,rsa2048";
+padding-name = "pss";
+key-name = "private.pem";
+header-size = <4096>;
+version = <1>;
+};
+
+image: blob-ext {
+filename = "sandbox.itb";
+};
+};
+};
+
+
+
Entry: scp: System Control Processor (SCP) firmware blob
diff --git a/tools/binman/etype/pre_load.py b/tools/binman/etype/pre_load.py
new file mode 100644
index 00..245ee75525
--- /dev/null
+++ b/tools/binman/etype/pre_load.py
@@ -0,0 +1,162 @@
+# SPDX-License-Identifier: GPL-2.0+
+# Copyright (c) 2022 Softathome
+# Written by Philippe Reynes
+#
+# Entry-type for the global header
+#
+
+import os
+import struct
+from dtoc import fdt_util
+from patman import tools
+
+from binman.entry import Entry
+from binman.etype.collection import Entry_collection
+from binman.entry import EntryArg
+
+from Cryptodome.Hash import SHA256, SHA384, SHA512
+from Cryptodome.PublicKey import RSA
+from Cryptodome.Signature import pkcs1_15
+from Cryptodome.Signature import pss
+
+PRE_LOAD_MAGIC = b'UBSH'
+
+RSAS = {
+'rsa1024': 1024 / 8,
+'rsa2048': 2048 / 8,
+'rsa4096': 4096 / 8
+}
+
+SHAS = {
+'sha256': SHA256,
+'sha384': SHA384,
+'sha512': SHA512
+}
+
+class Entry_pre_load(Entry_collection):
+"""Pre load image header
+
+Properties / Entry arguments:
+- pre-load-key-path: Path of the directory that store key (provided by
the environment variable PRE_LOAD_KEY_PATH)
+- content: List of phandles to entries to sign
+- algo-name: Hash and signature algo to use for the signature
+- padding-name: Name of the padding (pkcs-1.5 or pss)
+- key-name: Filename of the private key to sign
+- header-size: Total size of the header
+- version: Version of the header
+
+This entry creates a pre-load header that contains a global
+image signature.
+
+For example, this creates an image with a pre-load header and a binary::
+
+binman {
+image2 {
+filename = "sandbox.bin";
+
+pre-load {
+content = <>;
+algo-name = "sha256,rsa2048";
+padding-name = "pss";
+key-name = "private.pem";
+header-size = <4096>;
+version = <1>;
+};
+
+image: blob-ext {
+filename