[PATCH v1 1/2] tools: kwbimage: disable secure boot build without LIBCRYPTO support
Pali Rohar
pali at kernel.org
Sat Jan 21 16:56:12 CET 2023
On Saturday 21 January 2023 16:47:41 Paul-Erwan Rio wrote:
> The secure boot features cannot be built without 'LIBCRYPTO' enabled.
> This kind of reverts some of <b4f3cc2c42d97967a3a3c8796c340f6b07ecccac>
> changes.
>
> Signed-off-by: Paul-Erwan Rio <paulerwan.rio at gmail.com>
> ---
>
> tools/kwbimage.c | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>
> diff --git a/tools/kwbimage.c b/tools/kwbimage.c
> index 6abb9f2d5c..0db99dbb02 100644
> --- a/tools/kwbimage.c
> +++ b/tools/kwbimage.c
> @@ -19,6 +19,7 @@
> #include <stdint.h>
> #include "kwbimage.h"
>
> +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> #include <openssl/bn.h>
> #include <openssl/rsa.h>
> #include <openssl/pem.h>
> @@ -44,6 +45,7 @@ void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
> EVP_MD_CTX_reset(ctx);
> }
> #endif
> +#endif
>
> /* fls - find last (most-significant) bit set in 4-bit integer */
> static inline int fls4(int num)
> @@ -62,7 +64,9 @@ static inline int fls4(int num)
>
> static struct image_cfg_element *image_cfg;
> static int cfgn;
> +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> static int verbose_mode;
> +#endif
>
> struct boot_mode {
> unsigned int id;
> @@ -278,6 +282,7 @@ image_count_options(unsigned int optiontype)
> return count;
> }
>
> +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> static int image_get_csk_index(void)
> {
> struct image_cfg_element *e;
> @@ -299,6 +304,7 @@ static bool image_get_spezialized_img(void)
>
> return e->sec_specialized_img;
> }
> +#endif
>
> static int image_get_bootfrom(void)
> {
> @@ -432,6 +438,7 @@ static uint8_t baudrate_to_option(unsigned int baudrate)
> }
> }
>
> +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> static void kwb_msg(const char *fmt, ...)
> {
> if (verbose_mode) {
> @@ -926,6 +933,7 @@ static int kwb_dump_fuse_cmds(struct secure_hdr_v1 *sec_hdr)
> done:
> return ret;
> }
> +#endif
>
> static size_t image_headersz_align(size_t headersz, uint8_t blockid)
> {
> @@ -1079,11 +1087,13 @@ static size_t image_headersz_v1(int *hasext)
> */
> headersz = sizeof(struct main_hdr_v1);
>
> +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> if (image_get_csk_index() >= 0) {
> headersz += sizeof(struct secure_hdr_v1);
> if (hasext)
> *hasext = 1;
> }
> +#endif
>
> cpu_sheeva = image_is_cpu_sheeva();
>
> @@ -1270,6 +1280,7 @@ err_close:
> return -1;
> }
>
> +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> static int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr)
> {
> FILE *hashf;
> @@ -1382,6 +1393,7 @@ static int add_secure_header_v1(struct image_tool_params *params, uint8_t *ptr,
>
> return 0;
> }
> +#endif
>
> static void finish_register_set_header_v1(uint8_t **cur, uint8_t **next_ext,
> struct register_set_hdr_v1 *register_set_hdr,
> @@ -1406,7 +1418,9 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
> struct main_hdr_v1 *main_hdr;
> struct opt_hdr_v1 *ohdr;
> struct register_set_hdr_v1 *register_set_hdr;
> +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> struct secure_hdr_v1 *secure_hdr = NULL;
> +#endif
> size_t headersz;
> uint8_t *image, *cur;
> int hasext = 0;
> @@ -1491,6 +1505,7 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
> if (main_hdr->blockid == IBR_HDR_PEX_ID)
> main_hdr->srcaddr = cpu_to_le32(0xFFFFFFFF);
>
> +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> if (image_get_csk_index() >= 0) {
> /*
> * only reserve the space here; we fill the header later since
> @@ -1501,6 +1516,7 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
> *next_ext = 1;
> next_ext = &secure_hdr->next;
> }
> +#endif
>
> datai = 0;
> for (cfgi = 0; cfgi < cfgn; cfgi++) {
> @@ -1552,9 +1568,11 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
> &datai, delay);
> }
>
> +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz + headersz,
> headersz, image, secure_hdr))
> return NULL;
> +#endif
>
> *imagesz = headersz;
>
> --
> 2.39.0
>
This is entirely wrong change as it completely skips processing of some
command lone or config file options. It can lead to generating of broken
images by mkimage without any notice by user or any automated CI
testing. You really cannot randomly disable or comment some of functions
which are currently called.
More information about the U-Boot
mailing list