Re: [U-Boot] [U-Boot, 1/1] arm: mach-omap2: Fix secure file generation
On Fri, Dec 09, 2016 at 03:39:34PM -0600, Andrew F. Davis wrote: > On 12/09/2016 03:30 PM, Tom Rini wrote: > > On Fri, Dec 09, 2016 at 02:24:32PM -0600, Andrew F. Davis wrote: > >> On 12/09/2016 02:10 PM, Tom Rini wrote: > >>> On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: > On 12/09/2016 01:59 PM, Tom Rini wrote: > > On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > > > >> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > >> not generated but generate an unsigned one anyway. When > >> TI_SECURE_DEV_PKG > >> is exported and the user re-builds, make will detect this file as > >> unchangedand and so assume it does not need to be re-generated. This > >> causes it to pack unsigned files. Fix this by not generating these > >> fake unsigned *_HS files. > >> > >> Signed-off-by: Andrew F. Davis> >> Reviewed-by: Tom Rini > >> --- > >> arch/arm/mach-omap2/config_secure.mk | 4 ++-- > >> 1 file changed, 2 insertions(+), 2 deletions(-) > >> > >> diff --git a/arch/arm/mach-omap2/config_secure.mk > >> b/arch/arm/mach-omap2/config_secure.mk > >> index 1122439..33c7059 100644 > >> --- a/arch/arm/mach-omap2/config_secure.mk > >> +++ b/arch/arm/mach-omap2/config_secure.mk > >> @@ -35,12 +35,12 @@ cmd_omapsecureimg = > >> $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ > >> else > >> cmd_omapsecureimg = echo "WARNING:" \ > >>"$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not > >> found." \ > >> - "$@ was NOT created!"; cp $< $@ > >> + "$@ was NOT created!"; > >> endif > >> else > >> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ > >>"variable must be defined for TI secure devices." \ > >> - "$@ was NOT created!"; cp $< $@ > >> + "$@ was NOT created!"; > >> endif > >> endif > > > > OK, but now that I build test this (without the tools present) this is a > > NAK. The root problem is that if we don't make that dummy file we then: > >arm: + am57xx_hs_evm > > +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No > > such file or directory > > +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT > > +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 > > +(am57xx_hs_evm) make: *** [sub-make] Error 2 > > Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not > defined. You cannot sign images that *need* to be signed to work on this > platform, making a fake un-bootable image instead of failing is a hack > and it confuses the make system when you do put the signing tool > in-place. > >>> > >>> Well, I suppose this is a valid question. I run into it failing as I > >>> (and travis-ci) build all ARM targets. Maybe we can have the build not > >>> happen (and echo a Warning) and then not invoke mkimage later on if the > >>> env isn't right? > >> > >> For test building you can export TI_SECURE_DEV_PKG to point to a dummy > >> signing tool which just runs cp $1 $2. For real world building this tool > >> is needed just as much as the compiler, if you don't have it you will > >> not build working images, build needs to fail here. > > > > Hmmm, OK. But can we not automate that based on TI_SECURE_DEV_PKG being > > unset? > > > > That is what we already do, if TI_SECURE_DEV_PKG is unset, build should > fail, but right now it fakes a successful build, most likely to keep the > auto-validation happy as it does not have the signing tool. > > The only other thing I can think of is to always try to sign the images, > even when they have not changed on disk since the last build. Would this > be acceptable? Along with a comment above it about why we always re-sign, yes, lets go that route. Thanks! -- Tom signature.asc Description: Digital signature ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [U-Boot, 1/1] arm: mach-omap2: Fix secure file generation
On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG > is exported and the user re-builds, make will detect this file as > unchangedand and so assume it does not need to be re-generated. This > causes it to pack unsigned files. Fix this by not generating these > fake unsigned *_HS files. > > Signed-off-by: Andrew F. Davis> Reviewed-by: Tom Rini Applied to u-boot/master, thanks! -- Tom signature.asc Description: Digital signature ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [U-Boot, 1/1] arm: mach-omap2: Fix secure file generation
On 12/09/2016 03:30 PM, Tom Rini wrote: > On Fri, Dec 09, 2016 at 02:24:32PM -0600, Andrew F. Davis wrote: >> On 12/09/2016 02:10 PM, Tom Rini wrote: >>> On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: On 12/09/2016 01:59 PM, Tom Rini wrote: > On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > >> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was >> not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG >> is exported and the user re-builds, make will detect this file as >> unchangedand and so assume it does not need to be re-generated. This >> causes it to pack unsigned files. Fix this by not generating these >> fake unsigned *_HS files. >> >> Signed-off-by: Andrew F. Davis>> Reviewed-by: Tom Rini >> --- >> arch/arm/mach-omap2/config_secure.mk | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm/mach-omap2/config_secure.mk >> b/arch/arm/mach-omap2/config_secure.mk >> index 1122439..33c7059 100644 >> --- a/arch/arm/mach-omap2/config_secure.mk >> +++ b/arch/arm/mach-omap2/config_secure.mk >> @@ -35,12 +35,12 @@ cmd_omapsecureimg = >> $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ >> else >> cmd_omapsecureimg = echo "WARNING:" \ >> "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not >> found." \ >> -"$@ was NOT created!"; cp $< $@ >> +"$@ was NOT created!"; >> endif >> else >> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ >> "variable must be defined for TI secure devices." \ >> -"$@ was NOT created!"; cp $< $@ >> +"$@ was NOT created!"; >> endif >> endif > > OK, but now that I build test this (without the tools present) this is a > NAK. The root problem is that if we don't make that dummy file we then: >arm: + am57xx_hs_evm > +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such > file or directory > +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT > +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 > +(am57xx_hs_evm) make: *** [sub-make] Error 2 Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not defined. You cannot sign images that *need* to be signed to work on this platform, making a fake un-bootable image instead of failing is a hack and it confuses the make system when you do put the signing tool in-place. >>> >>> Well, I suppose this is a valid question. I run into it failing as I >>> (and travis-ci) build all ARM targets. Maybe we can have the build not >>> happen (and echo a Warning) and then not invoke mkimage later on if the >>> env isn't right? >> >> For test building you can export TI_SECURE_DEV_PKG to point to a dummy >> signing tool which just runs cp $1 $2. For real world building this tool >> is needed just as much as the compiler, if you don't have it you will >> not build working images, build needs to fail here. > > Hmmm, OK. But can we not automate that based on TI_SECURE_DEV_PKG being > unset? > That is what we already do, if TI_SECURE_DEV_PKG is unset, build should fail, but right now it fakes a successful build, most likely to keep the auto-validation happy as it does not have the signing tool. The only other thing I can think of is to always try to sign the images, even when they have not changed on disk since the last build. Would this be acceptable? ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [U-Boot, 1/1] arm: mach-omap2: Fix secure file generation
On Fri, Dec 09, 2016 at 02:24:32PM -0600, Andrew F. Davis wrote: > On 12/09/2016 02:10 PM, Tom Rini wrote: > > On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: > >> On 12/09/2016 01:59 PM, Tom Rini wrote: > >>> On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > >>> > When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG > is exported and the user re-builds, make will detect this file as > unchangedand and so assume it does not need to be re-generated. This > causes it to pack unsigned files. Fix this by not generating these > fake unsigned *_HS files. > > Signed-off-by: Andrew F. Davis> Reviewed-by: Tom Rini > --- > arch/arm/mach-omap2/config_secure.mk | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mach-omap2/config_secure.mk > b/arch/arm/mach-omap2/config_secure.mk > index 1122439..33c7059 100644 > --- a/arch/arm/mach-omap2/config_secure.mk > +++ b/arch/arm/mach-omap2/config_secure.mk > @@ -35,12 +35,12 @@ cmd_omapsecureimg = > $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ > else > cmd_omapsecureimg = echo "WARNING:" \ > "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not > found." \ > -"$@ was NOT created!"; cp $< $@ > +"$@ was NOT created!"; > endif > else > cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ > "variable must be defined for TI secure devices." \ > -"$@ was NOT created!"; cp $< $@ > +"$@ was NOT created!"; > endif > endif > >>> > >>> OK, but now that I build test this (without the tools present) this is a > >>> NAK. The root problem is that if we don't make that dummy file we then: > >>>arm: + am57xx_hs_evm > >>> +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such > >>> file or directory > >>> +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT > >>> +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 > >>> +(am57xx_hs_evm) make: *** [sub-make] Error 2 > >> > >> Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not > >> defined. You cannot sign images that *need* to be signed to work on this > >> platform, making a fake un-bootable image instead of failing is a hack > >> and it confuses the make system when you do put the signing tool in-place. > > > > Well, I suppose this is a valid question. I run into it failing as I > > (and travis-ci) build all ARM targets. Maybe we can have the build not > > happen (and echo a Warning) and then not invoke mkimage later on if the > > env isn't right? > > For test building you can export TI_SECURE_DEV_PKG to point to a dummy > signing tool which just runs cp $1 $2. For real world building this tool > is needed just as much as the compiler, if you don't have it you will > not build working images, build needs to fail here. Hmmm, OK. But can we not automate that based on TI_SECURE_DEV_PKG being unset? -- Tom signature.asc Description: Digital signature ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [U-Boot, 1/1] arm: mach-omap2: Fix secure file generation
On 12/09/2016 02:10 PM, Tom Rini wrote: > On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: >> On 12/09/2016 01:59 PM, Tom Rini wrote: >>> On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: >>> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG is exported and the user re-builds, make will detect this file as unchangedand and so assume it does not need to be re-generated. This causes it to pack unsigned files. Fix this by not generating these fake unsigned *_HS files. Signed-off-by: Andrew F. DavisReviewed-by: Tom Rini --- arch/arm/mach-omap2/config_secure.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm/mach-omap2/config_secure.mk b/arch/arm/mach-omap2/config_secure.mk index 1122439..33c7059 100644 --- a/arch/arm/mach-omap2/config_secure.mk +++ b/arch/arm/mach-omap2/config_secure.mk @@ -35,12 +35,12 @@ cmd_omapsecureimg = $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ else cmd_omapsecureimg = echo "WARNING:" \ "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ - "$@ was NOT created!"; cp $< $@ + "$@ was NOT created!"; endif else cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ "variable must be defined for TI secure devices." \ - "$@ was NOT created!"; cp $< $@ + "$@ was NOT created!"; endif endif >>> >>> OK, but now that I build test this (without the tools present) this is a >>> NAK. The root problem is that if we don't make that dummy file we then: >>>arm: + am57xx_hs_evm >>> +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such >>> file or directory >>> +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT >>> +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 >>> +(am57xx_hs_evm) make: *** [sub-make] Error 2 >> >> Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not >> defined. You cannot sign images that *need* to be signed to work on this >> platform, making a fake un-bootable image instead of failing is a hack >> and it confuses the make system when you do put the signing tool in-place. > > Well, I suppose this is a valid question. I run into it failing as I > (and travis-ci) build all ARM targets. Maybe we can have the build not > happen (and echo a Warning) and then not invoke mkimage later on if the > env isn't right? > For test building you can export TI_SECURE_DEV_PKG to point to a dummy signing tool which just runs cp $1 $2. For real world building this tool is needed just as much as the compiler, if you don't have it you will not build working images, build needs to fail here. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [U-Boot, 1/1] arm: mach-omap2: Fix secure file generation
On Fri, Dec 09, 2016 at 02:05:29PM -0600, Andrew F. Davis wrote: > On 12/09/2016 01:59 PM, Tom Rini wrote: > > On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > > > >> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > >> not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG > >> is exported and the user re-builds, make will detect this file as > >> unchangedand and so assume it does not need to be re-generated. This > >> causes it to pack unsigned files. Fix this by not generating these > >> fake unsigned *_HS files. > >> > >> Signed-off-by: Andrew F. Davis> >> Reviewed-by: Tom Rini > >> --- > >> arch/arm/mach-omap2/config_secure.mk | 4 ++-- > >> 1 file changed, 2 insertions(+), 2 deletions(-) > >> > >> diff --git a/arch/arm/mach-omap2/config_secure.mk > >> b/arch/arm/mach-omap2/config_secure.mk > >> index 1122439..33c7059 100644 > >> --- a/arch/arm/mach-omap2/config_secure.mk > >> +++ b/arch/arm/mach-omap2/config_secure.mk > >> @@ -35,12 +35,12 @@ cmd_omapsecureimg = > >> $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ > >> else > >> cmd_omapsecureimg = echo "WARNING:" \ > >>"$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ > >> - "$@ was NOT created!"; cp $< $@ > >> + "$@ was NOT created!"; > >> endif > >> else > >> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ > >>"variable must be defined for TI secure devices." \ > >> - "$@ was NOT created!"; cp $< $@ > >> + "$@ was NOT created!"; > >> endif > >> endif > > > > OK, but now that I build test this (without the tools present) this is a > > NAK. The root problem is that if we don't make that dummy file we then: > >arm: + am57xx_hs_evm > > +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such > > file or directory > > +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT > > +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 > > +(am57xx_hs_evm) make: *** [sub-make] Error 2 > > Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not > defined. You cannot sign images that *need* to be signed to work on this > platform, making a fake un-bootable image instead of failing is a hack > and it confuses the make system when you do put the signing tool in-place. Well, I suppose this is a valid question. I run into it failing as I (and travis-ci) build all ARM targets. Maybe we can have the build not happen (and echo a Warning) and then not invoke mkimage later on if the env isn't right? -- Tom signature.asc Description: Digital signature ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [U-Boot, 1/1] arm: mach-omap2: Fix secure file generation
On 12/09/2016 01:59 PM, Tom Rini wrote: > On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > >> When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was >> not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG >> is exported and the user re-builds, make will detect this file as >> unchangedand and so assume it does not need to be re-generated. This >> causes it to pack unsigned files. Fix this by not generating these >> fake unsigned *_HS files. >> >> Signed-off-by: Andrew F. Davis>> Reviewed-by: Tom Rini >> --- >> arch/arm/mach-omap2/config_secure.mk | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm/mach-omap2/config_secure.mk >> b/arch/arm/mach-omap2/config_secure.mk >> index 1122439..33c7059 100644 >> --- a/arch/arm/mach-omap2/config_secure.mk >> +++ b/arch/arm/mach-omap2/config_secure.mk >> @@ -35,12 +35,12 @@ cmd_omapsecureimg = >> $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ >> else >> cmd_omapsecureimg = echo "WARNING:" \ >> "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ >> -"$@ was NOT created!"; cp $< $@ >> +"$@ was NOT created!"; >> endif >> else >> cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ >> "variable must be defined for TI secure devices." \ >> -"$@ was NOT created!"; cp $< $@ >> +"$@ was NOT created!"; >> endif >> endif > > OK, but now that I build test this (without the tools present) this is a > NAK. The root problem is that if we don't make that dummy file we then: >arm: + am57xx_hs_evm > +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such > file or directory > +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT > +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 > +(am57xx_hs_evm) make: *** [sub-make] Error 2 > Is this not okay? build *should* fail if TI_SECURE_DEV_PKG is not defined. You cannot sign images that *need* to be signed to work on this platform, making a fake un-bootable image instead of failing is a hack and it confuses the make system when you do put the signing tool in-place. > So perhaps we need to make use of some other logic to rebuild on > TI_SECURE_DEV_PKG changing? > ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] [U-Boot, 1/1] arm: mach-omap2: Fix secure file generation
On Thu, Dec 08, 2016 at 04:48:07PM -0600, Andrew F. Davis wrote: > When TI_SECURE_DEV_PKG is not defined we warn that the file '*_HS' was > not generated but generate an unsigned one anyway. When TI_SECURE_DEV_PKG > is exported and the user re-builds, make will detect this file as > unchangedand and so assume it does not need to be re-generated. This > causes it to pack unsigned files. Fix this by not generating these > fake unsigned *_HS files. > > Signed-off-by: Andrew F. Davis> Reviewed-by: Tom Rini > --- > arch/arm/mach-omap2/config_secure.mk | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/mach-omap2/config_secure.mk > b/arch/arm/mach-omap2/config_secure.mk > index 1122439..33c7059 100644 > --- a/arch/arm/mach-omap2/config_secure.mk > +++ b/arch/arm/mach-omap2/config_secure.mk > @@ -35,12 +35,12 @@ cmd_omapsecureimg = > $(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh \ > else > cmd_omapsecureimg = echo "WARNING:" \ > "$(TI_SECURE_DEV_PKG)/scripts/secure-binary-image.sh not found." \ > - "$@ was NOT created!"; cp $< $@ > + "$@ was NOT created!"; > endif > else > cmd_omapsecureimg = echo "WARNING: TI_SECURE_DEV_PKG environment" \ > "variable must be defined for TI secure devices." \ > - "$@ was NOT created!"; cp $< $@ > + "$@ was NOT created!"; > endif > endif OK, but now that I build test this (without the tools present) this is a NAK. The root problem is that if we don't make that dummy file we then: arm: + am57xx_hs_evm +(am57xx_hs_evm) ./tools/mkimage: Can't open u-boot-nodtb_HS.bin: No such file or directory +(am57xx_hs_evm) ./tools/mkimage: failed to build FIT +(am57xx_hs_evm) make[1]: *** [u-boot_HS.img] Error 1 +(am57xx_hs_evm) make: *** [sub-make] Error 2 So perhaps we need to make use of some other logic to rebuild on TI_SECURE_DEV_PKG changing? -- Tom signature.asc Description: Digital signature ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot