u-boot-fw-utils: update patch to support encrypted env
The encryption of the U-Boot environment uses the HWID as key modifier. The HWID was being read using the fsl_otp driver sysfs entries and over two words. The driver is now deprecated and also the cc8x and cc8m platforms have different number of HWID words. This patch modifies the function that reads the HWID words by using new entries on the device tree 'digi,hwid_X' where X is the index of the HWID word. It also removes the need to select CONFIG_MD5 which is already auto-selected on sandbox_defconfig by other config switches. Signed-off-by: Hector Palacios <hector.palacios@digi.com> https://jira.digi.com/browse/DEL-7185
This commit is contained in:
Hector Palacios
parent
f6a8de0067
commit
8ced362766
|
|
@ -1,31 +1,25 @@
|
||||||
From: "Diaz de Grenu, Jose" <Jose.DiazdeGrenu@digi.com>
|
From: Hector Palacios <hector.palacios@digi.com>
|
||||||
Date: Tue, 23 Aug 2016 13:05:05 +0200
|
Date: Fri, 17 Jul 2020 07:08:50 +0200
|
||||||
Subject: [PATCH 1/4] tools: env: implement support for environment encryption
|
Subject: [PATCH] tools: env: implement support for environment encryption by
|
||||||
by CAAM
|
CAAM
|
||||||
|
|
||||||
https://jira.digi.com/browse/DEL-2836
|
Use the md5sum of HWID words (on the device tree) as key modifier.
|
||||||
|
|
||||||
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
|
Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
|
||||||
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
|
Signed-off-by: Gonzalo Ruiz <Gonzalo.Ruiz@digi.com>
|
||||||
|
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
|
||||||
|
|
||||||
|
https://jira.digi.com/browse/DEL-7185
|
||||||
|
https://jira.digi.com/browse/DEL-2836
|
||||||
---
|
---
|
||||||
configs/sandbox_defconfig | 1 +
|
tools/env/Makefile | 2 +-
|
||||||
tools/env/Makefile | 2 +-
|
tools/env/caam_keyblob.h | 45 +++++++++++++
|
||||||
tools/env/caam_keyblob.h | 45 ++++++++++++
|
tools/env/fw_env.c | 141 +++++++++++++++++++++++++++++++++++++++
|
||||||
tools/env/fw_env.c | 140 ++++++++++++++++++++++++++++++++++++++
|
3 files changed, 187 insertions(+), 1 deletion(-)
|
||||||
4 files changed, 187 insertions(+), 1 deletion(-)
|
|
||||||
create mode 100644 tools/env/caam_keyblob.h
|
create mode 100644 tools/env/caam_keyblob.h
|
||||||
|
|
||||||
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
|
|
||||||
index 6894262b89..f01e70b1c4 100644
|
|
||||||
--- a/configs/sandbox_defconfig
|
|
||||||
+++ b/configs/sandbox_defconfig
|
|
||||||
@@ -219,3 +219,4 @@ CONFIG_TEST_FDTDEC=y
|
|
||||||
CONFIG_UNIT_TEST=y
|
|
||||||
CONFIG_UT_TIME=y
|
|
||||||
CONFIG_UT_DM=y
|
|
||||||
+CONFIG_MD5=y
|
|
||||||
diff --git a/tools/env/Makefile b/tools/env/Makefile
|
diff --git a/tools/env/Makefile b/tools/env/Makefile
|
||||||
index b627796e94..fc7c44baa2 100644
|
index b627796e949e..fc7c44baa2b7 100644
|
||||||
--- a/tools/env/Makefile
|
--- a/tools/env/Makefile
|
||||||
+++ b/tools/env/Makefile
|
+++ b/tools/env/Makefile
|
||||||
@@ -24,7 +24,7 @@ hostprogs-y := fw_printenv
|
@@ -24,7 +24,7 @@ hostprogs-y := fw_printenv
|
||||||
|
|
@ -39,7 +33,7 @@ index b627796e94..fc7c44baa2 100644
|
||||||
|
|
||||||
diff --git a/tools/env/caam_keyblob.h b/tools/env/caam_keyblob.h
|
diff --git a/tools/env/caam_keyblob.h b/tools/env/caam_keyblob.h
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000000..1cdf3946c1
|
index 000000000000..1cdf3946c1ba
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/tools/env/caam_keyblob.h
|
+++ b/tools/env/caam_keyblob.h
|
||||||
@@ -0,0 +1,45 @@
|
@@ -0,0 +1,45 @@
|
||||||
|
|
@ -89,7 +83,7 @@ index 0000000000..1cdf3946c1
|
||||||
+
|
+
|
||||||
+#endif /* CAAM_KEYBLOB_H */
|
+#endif /* CAAM_KEYBLOB_H */
|
||||||
diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c
|
diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c
|
||||||
index eef12dd2b7..b804314093 100644
|
index a5d75958e1b6..228d11c070e6 100644
|
||||||
--- a/tools/env/fw_env.c
|
--- a/tools/env/fw_env.c
|
||||||
+++ b/tools/env/fw_env.c
|
+++ b/tools/env/fw_env.c
|
||||||
@@ -24,6 +24,7 @@
|
@@ -24,6 +24,7 @@
|
||||||
|
|
@ -100,7 +94,7 @@ index eef12dd2b7..b804314093 100644
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <dirent.h>
|
#include <dirent.h>
|
||||||
|
|
||||||
@@ -37,9 +38,19 @@
|
@@ -37,9 +38,17 @@
|
||||||
|
|
||||||
#include <mtd/ubi-user.h>
|
#include <mtd/ubi-user.h>
|
||||||
|
|
||||||
|
|
@ -114,13 +108,11 @@ index eef12dd2b7..b804314093 100644
|
||||||
+ */
|
+ */
|
||||||
+#define BLOB_OVERHEAD 48
|
+#define BLOB_OVERHEAD 48
|
||||||
+#define CAAM_KEY_DEV "/dev/caam_kb"
|
+#define CAAM_KEY_DEV "/dev/caam_kb"
|
||||||
+
|
|
||||||
+#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
|
|
||||||
+
|
+
|
||||||
struct env_opts default_opts = {
|
struct env_opts default_opts = {
|
||||||
#ifdef CONFIG_FILE
|
#ifdef CONFIG_FILE
|
||||||
.config_file = CONFIG_FILE
|
.config_file = CONFIG_FILE
|
||||||
@@ -117,6 +128,7 @@ static struct environment environment = {
|
@@ -117,6 +126,7 @@ static struct environment environment = {
|
||||||
};
|
};
|
||||||
|
|
||||||
static int have_redund_env;
|
static int have_redund_env;
|
||||||
|
|
@ -128,7 +120,7 @@ index eef12dd2b7..b804314093 100644
|
||||||
|
|
||||||
static unsigned char active_flag = 1;
|
static unsigned char active_flag = 1;
|
||||||
/* obsolete_flag must be 0 to efficiently set it on NOR flash without erasing */
|
/* obsolete_flag must be 0 to efficiently set it on NOR flash without erasing */
|
||||||
@@ -442,6 +454,103 @@ char *fw_getdefenv(char *name)
|
@@ -442,6 +452,106 @@ char *fw_getdefenv(char *name)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -140,34 +132,37 @@ index eef12dd2b7..b804314093 100644
|
||||||
+ caam_encryption_flag = 1;
|
+ caam_encryption_flag = 1;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
|
+#define MAX_HWID_WORDS 4
|
||||||
+static int env_caam_get_keymod(unsigned char output[16])
|
+static int env_caam_get_keymod(unsigned char output[16])
|
||||||
+{
|
+{
|
||||||
+ int i;
|
+ int i;
|
||||||
+ int len;
|
+ int len;
|
||||||
+ int fd;
|
+ int fd;
|
||||||
+ char buff[32];
|
+ uint32_t ocotp_hwid[MAX_HWID_WORDS];
|
||||||
+ uint32_t ocotp_hwid[2];
|
+ const char dt_prop[32];
|
||||||
+ const char *ocotp_hwid_file[2] = {
|
|
||||||
+ "/sys/fsl_otp/HW_OCOTP_MAC0",
|
|
||||||
+ "/sys/fsl_otp/HW_OCOTP_MAC1"
|
|
||||||
+ };
|
|
||||||
+
|
+
|
||||||
+ for (i = 0; i < ARRAY_SIZE(ocotp_hwid); i++) {
|
+ for (i = 0; i < MAX_HWID_WORDS; i++) {
|
||||||
+ fd = open(ocotp_hwid_file[i], O_RDONLY);
|
+ sprintf(dt_prop, "/proc/device-tree/digi,hwid_%d", i);
|
||||||
+ if (fd < 0)
|
+ if (access(dt_prop, F_OK) != -1) {
|
||||||
+ return fd;
|
+ char buf[sizeof(uint32_t)];
|
||||||
+ len = read(fd, buff, sizeof(buff));
|
+
|
||||||
+ if (len < 0) {
|
+ fd = open(dt_prop, O_RDONLY);
|
||||||
|
+ if (fd < 0)
|
||||||
|
+ return fd;
|
||||||
|
+ len = read(fd, buf, sizeof(uint32_t));
|
||||||
|
+ if (len < 0) {
|
||||||
|
+ close(fd);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+ ocotp_hwid[i] = ntohl(*(uint32_t *)buf);
|
||||||
+ close(fd);
|
+ close(fd);
|
||||||
+ return -1;
|
+ } else {
|
||||||
|
+ break;
|
||||||
+ }
|
+ }
|
||||||
+ /* drop last character (new line) */
|
|
||||||
+ buff[len - 1] = '\0';
|
|
||||||
+ ocotp_hwid[i] = strtoul(buff, NULL, 0);
|
|
||||||
+ close(fd);
|
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ md5((unsigned char *)(&ocotp_hwid), sizeof(ocotp_hwid), output);
|
+ /* Calculate md5sum on the raw HWID array */
|
||||||
|
+ md5((unsigned char *)(&ocotp_hwid), sizeof(uint32_t) * i, output);
|
||||||
+
|
+
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
|
|
@ -232,7 +227,7 @@ index eef12dd2b7..b804314093 100644
|
||||||
/*
|
/*
|
||||||
* Print the current definition of one, or more, or all
|
* Print the current definition of one, or more, or all
|
||||||
* environment variables
|
* environment variables
|
||||||
@@ -505,9 +614,20 @@ int fw_printenv(int argc, char *argv[], int value_only, struct env_opts *opts)
|
@@ -505,9 +615,20 @@ int fw_printenv(int argc, char *argv[], int value_only, struct env_opts *opts)
|
||||||
|
|
||||||
int fw_env_flush(struct env_opts *opts)
|
int fw_env_flush(struct env_opts *opts)
|
||||||
{
|
{
|
||||||
|
|
@ -253,7 +248,7 @@ index eef12dd2b7..b804314093 100644
|
||||||
/*
|
/*
|
||||||
* Update CRC
|
* Update CRC
|
||||||
*/
|
*/
|
||||||
@@ -1396,6 +1516,8 @@ int fw_env_open(struct env_opts *opts)
|
@@ -1396,6 +1517,8 @@ int fw_env_open(struct env_opts *opts)
|
||||||
struct env_image_single *single;
|
struct env_image_single *single;
|
||||||
struct env_image_redundant *redundant;
|
struct env_image_redundant *redundant;
|
||||||
|
|
||||||
|
|
@ -262,7 +257,7 @@ index eef12dd2b7..b804314093 100644
|
||||||
if (!opts)
|
if (!opts)
|
||||||
opts = &default_opts;
|
opts = &default_opts;
|
||||||
|
|
||||||
@@ -1434,6 +1556,15 @@ int fw_env_open(struct env_opts *opts)
|
@@ -1434,6 +1557,15 @@ int fw_env_open(struct env_opts *opts)
|
||||||
|
|
||||||
crc0 = crc32(0, (uint8_t *)environment.data, ENV_SIZE);
|
crc0 = crc32(0, (uint8_t *)environment.data, ENV_SIZE);
|
||||||
|
|
||||||
|
|
@ -278,7 +273,7 @@ index eef12dd2b7..b804314093 100644
|
||||||
crc0_ok = (crc0 == *environment.crc);
|
crc0_ok = (crc0 == *environment.crc);
|
||||||
if (!have_redund_env) {
|
if (!have_redund_env) {
|
||||||
if (!crc0_ok) {
|
if (!crc0_ok) {
|
||||||
@@ -1491,6 +1622,15 @@ int fw_env_open(struct env_opts *opts)
|
@@ -1491,6 +1623,15 @@ int fw_env_open(struct env_opts *opts)
|
||||||
|
|
||||||
crc1 = crc32(0, (uint8_t *)redundant->data, ENV_SIZE);
|
crc1 = crc32(0, (uint8_t *)redundant->data, ENV_SIZE);
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue