[PATCH] lib/flash: Check if the partition is signed
Samuel Mendoza-Jonas
sam at mendozajonas.com
Fri Nov 16 14:21:09 AEDT 2018
On Thu, 2018-11-01 at 14:45 +1100, Samuel Mendoza-Jonas wrote:
> In more recent firmware images built by op-build the VERSION partition
> is signed, and includes a 'secure header'. Check for this and skip it if
> found so we parse the version strings properly.
>
> Signed-off-by: Samuel Mendoza-Jonas <sam at mendozajonas.com>
Merged as 6a9c33fe
> ---
> lib/flash/flash.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/lib/flash/flash.c b/lib/flash/flash.c
> index b7e5b88b..804d9d2c 100644
> --- a/lib/flash/flash.c
> +++ b/lib/flash/flash.c
> @@ -31,6 +31,8 @@
> #include <libflash/file.h>
> #include <libflash/ecc.h>
>
> +#define SECURE_BOOT_HEADERS_SIZE 4096
> +#define ROM_MAGIC_NUMBER 0x17082011
>
> struct flash_info {
> /* Device information */
> @@ -148,6 +150,16 @@ out:
> return NULL;
> }
>
> +/* See stb_is_container() in Skiboot */
> +static bool is_signed(char *buffer, uint32_t len)
> +{
> + if (!buffer || len <= SECURE_BOOT_HEADERS_SIZE)
> + return false;
> + if (be32_to_cpu((uint32_t *)buffer) != ROM_MAGIC_NUMBER)
> + return false;
> + return true;
> +}
> +
> int flash_parse_version(void *ctx, char ***versions, bool current)
> {
> char *saveptr, *tok, **tmp, *buffer;
> @@ -182,6 +194,10 @@ int flash_parse_version(void *ctx, char ***versions, bool current)
> goto out;
> }
>
> + /* Check if this partition is signed */
> + if (is_signed(buffer, len))
> + buffer += SECURE_BOOT_HEADERS_SIZE;
> +
> /* open-power-platform */
> tok = strtok_r(buffer, delim, &saveptr);
> if (tok) {
More information about the Petitboot
mailing list