[U-Boot] [PATCH v3 4/8] rsa: add sha256-rsa2048 algorithm

Simon Glass sjg at chromium.org
Sun Mar 9 06:33:08 CET 2014 

Hi Heiko,

On 3 March 2014 04:19, Heiko Schocher <hs at denx.de> wrote:
> based on patch from andreas at oetken.name:
>
> http://patchwork.ozlabs.org/patch/294318/
> commit message:
> I currently need support for rsa-sha256 signatures in u-boot and found out that
> the code for signatures is not very generic. Thus adding of different
> hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
> rsa-code. I attached a patch for how I think it could be better and included
> support for rsa-sha256. This is a fast first shot.
>
> aditionally work:
> - removed checkpatch warnings
> - removed compiler warnings
> - rebased against current head
>
> Signed-off-by: Heiko Schocher <hs at denx.de>
> Cc: andreas at oetken.name
> Cc: Simon Glass <sjg at chromium.org>

This looks good to me. However, when running it I hit this crash?

O=b/sandbox test/vboot/vboot_test.sh
Simple Verified Boot Test
=========================

Please see doc/uImage.FIT/verified-boot.txt for more information

/home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/mkimage -D -I
dts -O dtb -p 2000
Build keys
do sha1 test
Build FIT with signed images
Test Verified Boot Run: unsigned signatures:: OK
Sign images
Test Verified Boot Run: signed images: OK
Build FIT with signed configuration
Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
*** buffer overflow detected ***:
/home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign
terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f07c7ba9f47]
/lib/x86_64-linux-gnu/libc.so.6(+0x109e40)[0x7f07c7ba8e40]
/home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign[0x40226f]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f07c7ac076d]
/home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign[0x4023c5]
======= Memory map: ========
00400000-0041a000 r-xp 00000000 fc:01 9840801
  /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign
00619000-0061a000 r--p 00019000 fc:01 9840801
  /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign
0061a000-0061b000 rw-p 0001a000 fc:01 9840801
  /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign
0061b000-00711000 rw-p 00000000 00:00 0
00c24000-00c45000 rw-p 00000000 00:00 0                                  [heap]
7f07c746e000-7f07c7483000 r-xp 00000000 fc:01 2622892
  /lib/x86_64-linux-gnu/libgcc_s.so.1
7f07c7483000-7f07c7682000 ---p 00015000 fc:01 2622892
  /lib/x86_64-linux-gnu/libgcc_s.so.1
7f07c7682000-7f07c7683000 r--p 00014000 fc:01 2622892
  /lib/x86_64-linux-gnu/libgcc_s.so.1
7f07c7683000-7f07c7684000 rw-p 00015000 fc:01 2622892
  /lib/x86_64-linux-gnu/libgcc_s.so.1
7f07c7684000-7f07c769a000 r-xp 00000000 fc:01 2622826
  /lib/x86_64-linux-gnu/libz.so.1.2.3.4
7f07c769a000-7f07c7899000 ---p 00016000 fc:01 2622826
  /lib/x86_64-linux-gnu/libz.so.1.2.3.4
7f07c7899000-7f07c789a000 r--p 00015000 fc:01 2622826
  /lib/x86_64-linux-gnu/libz.so.1.2.3.4
7f07c789a000-7f07c789b000 rw-p 00016000 fc:01 2622826
  /lib/x86_64-linux-gnu/libz.so.1.2.3.4
7f07c789b000-7f07c789d000 r-xp 00000000 fc:01 2622044
  /lib/x86_64-linux-gnu/libdl-2.15.so
7f07c789d000-7f07c7a9d000 ---p 00002000 fc:01 2622044
  /lib/x86_64-linux-gnu/libdl-2.15.so
7f07c7a9d000-7f07c7a9e000 r--p 00002000 fc:01 2622044
  /lib/x86_64-linux-gnu/libdl-2.15.so
7f07c7a9e000-7f07c7a9f000 rw-p 00003000 fc:01 2622044
  /lib/x86_64-linux-gnu/libdl-2.15.so
7f07c7a9f000-7f07c7c54000 r-xp 00000000 fc:01 2622027
  /lib/x86_64-linux-gnu/libc-2.15.so
7f07c7c54000-7f07c7e54000 ---p 001b5000 fc:01 2622027
  /lib/x86_64-linux-gnu/libc-2.15.so
7f07c7e54000-7f07c7e58000 r--p 001b5000 fc:01 2622027
  /lib/x86_64-linux-gnu/libc-2.15.so
7f07c7e58000-7f07c7e5a000 rw-p 001b9000 fc:01 2622027
  /lib/x86_64-linux-gnu/libc-2.15.so
7f07c7e5a000-7f07c7e5f000 rw-p 00000000 00:00 0
7f07c7e5f000-7f07c8010000 r-xp 00000000 fc:01 2640614
  /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f07c8010000-7f07c8210000 ---p 001b1000 fc:01 2640614
  /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f07c8210000-7f07c822b000 r--p 001b1000 fc:01 2640614
  /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f07c822b000-7f07c8236000 rw-p 001cc000 fc:01 2640614
  /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f07c8236000-7f07c823a000 rw-p 00000000 00:00 0
7f07c823a000-7f07c828e000 r-xp 00000000 fc:01 2640615
  /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f07c828e000-7f07c848e000 ---p 00054000 fc:01 2640615
  /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f07c848e000-7f07c8491000 r--p 00054000 fc:01 2640615
  /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f07c8491000-7f07c8497000 rw-p 00057000 fc:01 2640615
  /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f07c8497000-7f07c8498000 rw-p 00000000 00:00 0
7f07c8498000-7f07c84ba000 r-xp 00000000 fc:01 2622041
  /lib/x86_64-linux-gnu/ld-2.15.so
7f07c869f000-7f07c86a3000 rw-p 00000000 00:00 0
7f07c86b7000-7f07c86ba000 rw-p 00000000 00:00 0
7f07c86ba000-7f07c86bb000 r--p 00022000 fc:01 2622041
  /lib/x86_64-linux-gnu/ld-2.15.so
7f07c86bb000-7f07c86bd000 rw-p 00023000 fc:01 2622041
  /lib/x86_64-linux-gnu/ld-2.15.so
7fff08a47000-7fff08a68000 rw-p 00000000 00:00 0                          [stack]
7fff08ad7000-7fff08ad9000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
  [vsyscall]
test/vboot/vboot_test.sh: line 65:  7597 Aborted                 (core
dumped) ${fit_check_sign} -f test.fit -k sandbox-u-boot.dtb > ${tmp}

Verified boot key check on host failed, output follows:


Do you see this? Presumably not - I can dig a bit if you like?

Regards,
Simon

More information about the U-Boot mailing list