[U-Boot] [PATCH v3 4/8] rsa: add sha256-rsa2048 algorithm

Heiko Schocher hs at denx.de
Mon Mar 10 07:00:56 CET 2014


Hello Simon,

On 09.03.2014 06:33, Simon Glass wrote:
> Hi Heiko,
>
> On 3 March 2014 04:19, Heiko Schocher<hs at denx.de>  wrote:
>> based on patch from andreas at oetken.name:
>>
>> http://patchwork.ozlabs.org/patch/294318/
>> commit message:
>> I currently need support for rsa-sha256 signatures in u-boot and found out that
>> the code for signatures is not very generic. Thus adding of different
>> hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
>> rsa-code. I attached a patch for how I think it could be better and included
>> support for rsa-sha256. This is a fast first shot.
>>
>> additional work:
>> - removed checkpatch warnings
>> - removed compiler warnings
>> - rebased against current head
>>
>> Signed-off-by: Heiko Schocher<hs at denx.de>
>> Cc: andreas at oetken.name
>> Cc: Simon Glass<sjg at chromium.org>
>
> This looks good to me. However, when running it I hit this crash?
>
> O=b/sandbox test/vboot/vboot_test.sh
> Simple Verified Boot Test
> =========================
>
> Please see doc/uImage.FIT/verified-boot.txt for more information
>
> /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/mkimage -D -I
> dts -O dtb -p 2000
> Build keys
> do sha1 test
> Build FIT with signed images
> Test Verified Boot Run: unsigned signatures:: OK
> Sign images
> Test Verified Boot Run: signed images: OK
> Build FIT with signed configuration
> Test Verified Boot Run: unsigned config: OK
> Sign images
> Test Verified Boot Run: signed config: OK
> check signed config on the host
> *** buffer overflow detected ***:
> /home/sjg/c/src/third_party/u-boot/files/b/sandbox/tools/fit_check_sign
> terminated
> ======= Backtrace: =========
> /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f07c7ba9f47]
> /lib/x86_64-linux-gnu/libc.so.6(+0x109e40)[0x7f07c7ba8e40]
[...]
>    [vsyscall]
> test/vboot/vboot_test.sh: line 65:  7597 Aborted                 (core
> dumped) ${fit_check_sign} -f test.fit -k sandbox-u-boot.dtb>  ${tmp}
>
> Verified boot key check on host failed, output follows:
>
>
> Do you see this? Presumably not - I can dig a bit if you like?

No, I do not see this crash ... Hmm... you replied with this error to the
4/8 patch of this series, but "fit_check_sign" is introduced in the
8/8 ... did you try with all 8 patches applied?

Just tested with current head of U-Boot and I see no error:

commit 247161b8160fc699b0a517f081220bb50bc502a8
Merge: d57d60c 96ac18c
Author: Tom Rini <trini at ti.com>
Date:   Fri Mar 7 20:54:22 2014 -0500

     Merge branch 'master' of git://git.denx.de/u-boot-mpc85xx

$ O=sandbox ./test/vboot/vboot_test.sh
Simple Verified Boot Test
=========================

Please see doc/uImage.FIT/verified-boot.txt for more information

/home/hs/ids/u-boot/sandbox/tools/mkimage -D -I dts -O dtb -p 2000
Build keys
do sha1 test
Build FIT with signed images
Test Verified Boot Run: unsigned signatures:: OK
Sign images
Test Verified Boot Run: signed images: OK
Build FIT with signed configuration
Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK
do sha256 test
Build FIT with signed images
Test Verified Boot Run: unsigned signatures:: OK
Sign images
Test Verified Boot Run: signed images: OK
Build FIT with signed configuration
Test Verified Boot Run: unsigned config: OK
Sign images
Test Verified Boot Run: signed config: OK
check signed config on the host
OK
Test Verified Boot Run: signed config: OK
Test Verified Boot Run: signed config with bad hash: OK

Test passed
pollux:u-boot hs [temp] $

Can you try with current head again?

bye,
Heiko
-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

