[PATCH v1 1/2] tools: kwbimage: disable secure boot build without LIBCRYPTO support

Pali Rohar pali at kernel.org
Sat Jan 21 17:21:00 CET 2023


On Saturday 21 January 2023 17:08:42 Paul-Erwan RIO wrote:
> Le sam. 21 janv. 2023 à 16:56, Pali Rohar <pali at kernel.org> a écrit :
> >
> > On Saturday 21 January 2023 16:47:41 Paul-Erwan Rio wrote:
> > > The secure boot features cannot be built without 'LIBCRYPTO' enabled.
> > > This kind of reverts some of <b4f3cc2c42d97967a3a3c8796c340f6b07ecccac>
> > > changes.
> > >
> > > Signed-off-by: Paul-Erwan Rio <paulerwan.rio at gmail.com>
> > > ---
> > >
> > >  tools/kwbimage.c | 18 ++++++++++++++++++
> > >  1 file changed, 18 insertions(+)
> > >
> > > diff --git a/tools/kwbimage.c b/tools/kwbimage.c
> > > index 6abb9f2d5c..0db99dbb02 100644
> > > --- a/tools/kwbimage.c
> > > +++ b/tools/kwbimage.c
> > > @@ -19,6 +19,7 @@
> > >  #include <stdint.h>
> > >  #include "kwbimage.h"
> > >
> > > +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> > >  #include <openssl/bn.h>
> > >  #include <openssl/rsa.h>
> > >  #include <openssl/pem.h>
> > > @@ -44,6 +45,7 @@ void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
> > >       EVP_MD_CTX_reset(ctx);
> > >  }
> > >  #endif
> > > +#endif
> > >
> > >  /* fls - find last (most-significant) bit set in 4-bit integer */
> > >  static inline int fls4(int num)
> > > @@ -62,7 +64,9 @@ static inline int fls4(int num)
> > >
> > >  static struct image_cfg_element *image_cfg;
> > >  static int cfgn;
> > > +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> > >  static int verbose_mode;
> > > +#endif
> > >
> > >  struct boot_mode {
> > >       unsigned int id;
> > > @@ -278,6 +282,7 @@ image_count_options(unsigned int optiontype)
> > >       return count;
> > >  }
> > >
> > > +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> > >  static int image_get_csk_index(void)
> > >  {
> > >       struct image_cfg_element *e;
> > > @@ -299,6 +304,7 @@ static bool image_get_spezialized_img(void)
> > >
> > >       return e->sec_specialized_img;
> > >  }
> > > +#endif
> > >
> > >  static int image_get_bootfrom(void)
> > >  {
> > > @@ -432,6 +438,7 @@ static uint8_t baudrate_to_option(unsigned int baudrate)
> > >       }
> > >  }
> > >
> > > +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> > >  static void kwb_msg(const char *fmt, ...)
> > >  {
> > >       if (verbose_mode) {
> > > @@ -926,6 +933,7 @@ static int kwb_dump_fuse_cmds(struct secure_hdr_v1 *sec_hdr)
> > >  done:
> > >       return ret;
> > >  }
> > > +#endif
> > >
> > >  static size_t image_headersz_align(size_t headersz, uint8_t blockid)
> > >  {
> > > @@ -1079,11 +1087,13 @@ static size_t image_headersz_v1(int *hasext)
> > >        */
> > >       headersz = sizeof(struct main_hdr_v1);
> > >
> > > +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> > >       if (image_get_csk_index() >= 0) {
> > >               headersz += sizeof(struct secure_hdr_v1);
> > >               if (hasext)
> > >                       *hasext = 1;
> > >       }
> > > +#endif
> > >
> > >       cpu_sheeva = image_is_cpu_sheeva();
> > >
> > > @@ -1270,6 +1280,7 @@ err_close:
> > >       return -1;
> > >  }
> > >
> > > +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> > >  static int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr)
> > >  {
> > >       FILE *hashf;
> > > @@ -1382,6 +1393,7 @@ static int add_secure_header_v1(struct image_tool_params *params, uint8_t *ptr,
> > >
> > >       return 0;
> > >  }
> > > +#endif
> > >
> > >  static void finish_register_set_header_v1(uint8_t **cur, uint8_t **next_ext,
> > >                                         struct register_set_hdr_v1 *register_set_hdr,
> > > @@ -1406,7 +1418,9 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
> > >       struct main_hdr_v1 *main_hdr;
> > >       struct opt_hdr_v1 *ohdr;
> > >       struct register_set_hdr_v1 *register_set_hdr;
> > > +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> > >       struct secure_hdr_v1 *secure_hdr = NULL;
> > > +#endif
> > >       size_t headersz;
> > >       uint8_t *image, *cur;
> > >       int hasext = 0;
> > > @@ -1491,6 +1505,7 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
> > >       if (main_hdr->blockid == IBR_HDR_PEX_ID)
> > >               main_hdr->srcaddr = cpu_to_le32(0xFFFFFFFF);
> > >
> > > +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> > >       if (image_get_csk_index() >= 0) {
> > >               /*
> > >                * only reserve the space here; we fill the header later since
> > > @@ -1501,6 +1516,7 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
> > >               *next_ext = 1;
> > >               next_ext = &secure_hdr->next;
> > >       }
> > > +#endif
> > >
> > >       datai = 0;
> > >       for (cfgi = 0; cfgi < cfgn; cfgi++) {
> > > @@ -1552,9 +1568,11 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
> > >                                             &datai, delay);
> > >       }
> > >
> > > +#if CONFIG_IS_ENABLED(LIBCRYPTO)
> > >       if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz + headersz,
> > >                                              headersz, image, secure_hdr))
> > >               return NULL;
> > > +#endif
> > >
> > >       *imagesz = headersz;
> > >
> > > --
> > > 2.39.0
> > >
> >
> > This is entirely wrong change as it completely skips processing of some
> > command lone or config file options. It can lead to generating of broken
> > images by mkimage without any notice by user or any automated CI
> > testing. You really cannot randomly disable or comment some of functions
> > which are currently called.
> 
> Hello,
> That is true, especially since I do not know how to test my changes
> regarding kwbimage. But I do not really randomly disable some
> functions.
> I looked at the commit that introduced the issue:
> 
> Date: Fri Jul 23 11:14:13 2021 +0200
> tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X
> commit b4f3cc2c42d97967a3a3c8796c340f6b07eccca upstream
> 
> And reverted its change. But instead of hiding the secure header usage
> under the previous CONFIG_ARMADA_38X config, I used the the config
> that really shows the issue: CONFIG_TOOLS_LIBCRYPTO.
> 
> Regards,

And that is wrong. You cannot disable calling of some functions which
has to be called based on some settings (e.g. cmdline or config file).

mkimage parses command line options from argv[] and from config file and
based on these options it generates output file.

Look at the proposed change. What you have done is that you have
randomly disabled calling of some functions which was previously called
based on the options specified in mkimage argv[].

mkimage works like any other tool, based on the cmdline supplied in the
argv[] it calls specific functions which affects generated output file.

And not calling of some functions which were previously called cause
generating of different - broken output file (because it would not match
supplied command line options).


More information about the U-Boot mailing list