author | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-13 17:26:42 +1100 |
---|---|---|
committer | Stewart Smith <stewart@linux.vnet.ibm.com> | 2017-12-18 21:30:57 -0600 |
commit | 6e05c6f21b34f9c4f6597ace36dfca9624c7923c (patch) | |
tree | 4215358d42122cc17c5c6198c1d8b306b1161a88 /libstb/test | |
parent | 63ef6f54445e52e0cd3af4672e73c047484a6a12 (diff) | |
libstb/(create|print)-container: Sync with sb-signing-utils
The sb-signing-utils project has improved upon the skeleton
create-container tool that existed in skiboot, including
being able to (quite easily) create *signed* images.
This commit brings in that code (and makes it build in the
skiboot build environment) and updates our skiboot.*.stb
generating code to use the development keys.
We also update print-container, syncing it with the
upstream project.
Derived from github.com:open-power/sb-signing-utils.git
at v0.3-5-gcb111c03ad7f
(and yes, changes here will be submitted upstream)
Cc: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Diffstat (limited to 'libstb/test')
-rw-r--r-- | libstb/test/Makefile.check | 12 | ||||
-rw-r--r-- | libstb/test/print-stb-container.c | 208 | ||||
-rw-r--r-- | libstb/test/t.container.out | 50 |
3 files changed, 41 insertions, 229 deletions
diff --git a/libstb/test/Makefile.check b/libstb/test/Makefile.check index 00e1397..d4d7cb4 100644 --- a/libstb/test/Makefile.check +++ b/libstb/test/Makefile.check @@ -1,17 +1,15 @@ # -*-Makefile-*- -LIBSTB_TEST := libstb/test/run-stb-container \ - libstb/test/print-stb-container +LIBSTB_TEST := libstb/test/run-stb-container HOSTCFLAGS+=-I . -I include -libstb/test/print-stb-container-check: libstb/test/print-stb-container-q - -libstb/test/print-stb-container-q: libstb/test/print-stb-container - $(call Q, TEST , $(VALGRIND) libstb/test/print-stb-container libstb/test/t.container |diff -u libstb/test/t.container.out -, $< t.container) +libstb/test/print-stb-container-check: libstb/print-container libstb/test/print-stb-container-q +libstb/test/print-stb-container-q: libstb/print-container + $(call Q, TEST , $(VALGRIND) libstb/print-container -I libstb/test/t.container |diff -u libstb/test/t.container.out -, $< t.container) .PHONY : libstb-check -libstb-check: $(LIBSTB_TEST:%=%-check) $(LIBSTB_TEST:%=%-gcov-run) +libstb-check: $(LIBSTB_TEST:%=%-check) $(LIBSTB_TEST:%=%-gcov-run) libstb/test/print-stb-container-check libstb-check: $(LIBSTB_TEST_NOSTUB:%=%-check) $(LIBSTB_TEST_NOSTUB:%=%-gcov-run) .PHONY : libstb-coverage diff --git a/libstb/test/print-stb-container.c b/libstb/test/print-stb-container.c deleted file mode 100644 index 92a3ab5..0000000 --- a/libstb/test/print-stb-container.c +++ /dev/null 
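Review bot: The recipe for `libstb/test/print-stb-container-q` pipes `$(VALGRIND) libstb/print-container -I libstb/test/t.container` straight into `diff -u`, so the rule's result is the exit status of diff alone. A non-zero exit from print-container or from valgrind is lost whenever the printed text still matches `t.container.out`, which matters for a tool that parses secure-boot container headers. Capturing the output first would keep both checks, for example `$(VALGRIND) libstb/print-container -I libstb/test/t.container > $@.out && diff -u libstb/test/t.container.out $@.out`. Whether `$(VALGRIND)` is set up to return a non-zero status on reported errors is not visible in this hunk and would need confirming as well.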
@@ -1,208 +0,0 @@
-/* Copyright 2016 IBM Corp.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- * implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <config.h>
-
-#include <stdbool.h>
-#include <types.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <assert.h>
-
-#include "../container.h"
-#include "../container.c"
-
-static void display_version_raw(const ROM_version_raw v)
-{
- printf("ver_alg:\n");
- printf(" version: %04x\n", be16_to_cpu(v.version));
- printf(" hash_alg: %02x (%s)\n", v.hash_alg, (v.hash_alg == 1)? "SHA512" : "UNKNOWN");
- printf(" sig_alg: %02x (%s)\n", v.sig_alg, (v.sig_alg == 1) ? "SHA512/ECDSA-521" : "UNKNOWN");
-}
-
-static void display_sha2_hash_t(const sha2_hash_t h)
-{
- int i;
- for(i=0; i<SHA512_DIGEST_LENGTH; i++)
- printf("%02x", h[i]);
-}
-
-static void display_ecid(const uint8_t *ecid)
-{
- for(int i=0; i<ECID_SIZE; i++)
- printf("%02x", ecid[i]);
-}
-
-static void display_prefix_header(const ROM_prefix_header_raw *p)
-{
- printf("Prefix Header:\n");
- display_version_raw(p->ver_alg);
- printf("code_start_offset: %08lx\n", be64_to_cpu(p->code_start_offset));
- printf("reserved: %08lx\n", be64_to_cpu(p->reserved));
- printf("flags: %08x\n", be32_to_cpu(p->flags));
- printf("sw_key_count: %02x\n", p->sw_key_count);
- printf("payload_size: %08lx\n", be64_to_cpu(p->payload_size));
- printf("payloah_hash: ");
- display_sha2_hash_t(p->payload_hash);
- printf("\n");
- printf("ecid_count: %02x\n", p->ecid_count);
- for(int i=0; i< p->ecid_count; i++) {
- printf("ecid: ");
- display_ecid(p->ecid[i].ecid);
- printf("\n");
- }
-}
-
-static void display_sw_header(const ROM_sw_header_raw *swh)
-{
- printf("Software Header:\n");
- display_version_raw(swh->ver_alg);
- printf("code_start_offset: %08lx\n", be64_to_cpu(swh->code_start_offset));
- printf("reserved: %08lx\n", be64_to_cpu(swh->reserved));
- printf("flags: %08x\n", be32_to_cpu(swh->flags));
- printf("reserved_0: %02x\n", swh->reserved_0);
- printf("payload_size: %08lx (%lu)\n", be64_to_cpu(swh->payload_size), be64_to_cpu(swh->payload_size));
- printf("payloah_hash: ");
- display_sha2_hash_t(swh->payload_hash);
- printf("\n");
- printf("ecid_count: %02x\n", swh->ecid_count);
-
- for(int i=0; i< swh->ecid_count; i++) {
- printf("ecid: ");
- display_ecid(swh->ecid[i].ecid);
- printf("\n");
- }
-}
-
-static void display_ec_coord(const uint8_t *e)
-{
- for(int i=0; i<EC_COORDBYTES*2; i++)
- printf("%02x", e[i]);
-}
-
-static void display_prefix_data(const int sw_key_count, const ROM_prefix_data_raw *pd)
-{
- printf("Prefix Data:\n");
- printf("hw_sig_a: "); display_ec_coord(pd->hw_sig_a); printf("\n");
- printf("hw_sig_b: "); display_ec_coord(pd->hw_sig_b); printf("\n");
- printf("hw_sig_c: "); display_ec_coord(pd->hw_sig_c); printf("\n");
- if (sw_key_count >=1) {
- printf("sw_pkey_p: "); display_ec_coord(pd->sw_pkey_p); printf("\n");
- }
- if (sw_key_count >=2) {
- printf("sw_pkey_q: "); display_ec_coord(pd->sw_pkey_q); printf("\n");
- }
- if (sw_key_count >=3) {
- printf("sw_pkey_r: "); display_ec_coord(pd->sw_pkey_r); printf("\n");
- }
-}
-
-static void display_sw_sig(const ROM_sw_sig_raw *s)
-{
- printf("Software Signatures:\n");
- printf("sw_sig_p: "); display_ec_coord(s->sw_sig_p); printf("\n");
- printf("sw_sig_q: "); display_ec_coord(s->sw_sig_q); printf("\n");
- printf("sw_sig_r: "); display_ec_coord(s->sw_sig_r); printf("\n");
-}
-
-static void display_rom_container_raw(const ROM_container_raw *rcr)
-{
- printf("Container:\n");
- printf("magic: 0x%04x\n", be32_to_cpu(rcr->magic_number));
- printf("version: 0x%02x\n", be16_to_cpu(rcr->version));
- printf("container_size: 0x%08lx (%lu)\n", be64_to_cpu(rcr->container_size), be64_to_cpu(rcr->container_size));
- printf("target_hrmor: 0x%08lx\n", be64_to_cpu(rcr->target_hrmor));
- printf("stack_pointer: 0x%08lx\n", be64_to_cpu(rcr->stack_pointer));
- printf("hw_pkey_a:\n");
- for(int i=0; i < EC_COORDBYTES; i++)
- printf("%02x", rcr->hw_pkey_a[i]);
- printf("\n");
- printf("hw_pkey_b:\n");
- for(int i=0; i < EC_COORDBYTES; i++)
- printf("%02x", rcr->hw_pkey_b[i]);
- printf("\n");
- printf("hw_pkey_c:\n");
- for(int i=0; i < EC_COORDBYTES; i++)
- printf("%02x", rcr->hw_pkey_c[i]);
- printf("\n");
-}
-
-static void display_container(char* f)
-{
- int fd = open(f, O_RDONLY);
- void *container = malloc(SECURE_BOOT_HEADERS_SIZE);
- struct parsed_stb_container c;
- size_t sz;
-
- assert(container);
- if (fd == -1) {
- perror(strerror(errno));
- exit(EXIT_FAILURE);
- }
-
- sz = read(fd, container, SECURE_BOOT_HEADERS_SIZE);
- if (sz != SECURE_BOOT_HEADERS_SIZE) {
- perror(strerror(errno));
- exit(EXIT_FAILURE);
- }
-
- if (!stb_is_container(container, SECURE_BOOT_HEADERS_SIZE)) {
- fprintf(stderr, "Not a container, missing magic number\n");
- exit(EXIT_FAILURE);
- }
-
- if (parse_stb_container(container, SECURE_BOOT_HEADERS_SIZE, &c) != 0) {
- fprintf(stderr, "Failed to parse container.\n");
- exit(EXIT_FAILURE);
- }
-
- display_rom_container_raw(c.c);
- printf("\n");
-
- display_prefix_header(c.ph);
- printf("\n");
-
- display_prefix_data(c.ph->sw_key_count, c.pd);
- printf("\n");
-
- display_sw_header(c.sh);
- printf("\n");
-
- display_sw_sig(c.ssig);
-
- free(container);
- close(fd);
-}
-
-int main(int argc, char* argv[])
-{
- if (argc != 2) {
- fprintf(stderr, "Usage %s container_file\n", argv[0]);
- return 0;
- }
-
- display_container(argv[1]);
-
- return 0;
-}
diff --git a/libstb/test/t.container.out b/libstb/test/t.container.out
index d613282..cd113ee 100644
--- a/libstb/test/t.container.out
+++ b/libstb/test/t.container.out
@@ -4,12 +4,18 @@ version: 0x01 container_size: 0x00000000 (0) target_hrmor: 0x00000000 stack_pointer: 0x00000000 -hw_pkey_a: -000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -hw_pkey_b: -000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -hw_pkey_c: -000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +hw_pkey_a: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +hw_pkey_b: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +hw_pkey_c: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +HW keys hash (calculated): + 03bb354bfebb6f7e2bf5bd30e76c1942587d26cf78200d47db84bc002912ed58f62037e6258b484ed37211a0 + ad006050a027dc16d4c6182487acd34e57dc6c69 Prefix Header: ver_alg: 
@@ -21,13 +27,20 @@ reserved: 00000000 flags: 00000000 sw_key_count: 00 payload_size: 00000000 -payloah_hash: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +payload_hash: 00000000000000000000000000000000000000000000000000000000000000000000000000000000 + 000000000000000000000000000000000000000000000000 ecid_count: 00 Prefix Data: -hw_sig_a: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -hw_sig_b: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -hw_sig_c: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +hw_sig_a: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +hw_sig_b: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +hw_sig_c: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Software Header: ver_alg: 
@@ -36,13 +49,22 @@ ver_alg: sig_alg: 00 (UNKNOWN) code_start_offset: 00000000 reserved: 00000000 +reserved (ASCII): flags: 00000000 reserved_0: 00 payload_size: 00000000 (0) -payloah_hash: 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +payload_hash: 00000000000000000000000000000000000000000000000000000000000000000000000000000000 + 000000000000000000000000000000000000000000000000 ecid_count: 00 Software Signatures: -sw_sig_p: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -sw_sig_q: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -sw_sig_r: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +sw_sig_p: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +sw_sig_q: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +sw_sig_r: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 + |