[Skiboot] [RFC v2 PATCH] stb: create-container utility for wrapping something in a container

Stewart Smith stewart at linux.vnet.ibm.com
Thu Nov 17 19:28:12 AEDT 2016


Signed-off-by: Stewart Smith <stewart at linux.vnet.ibm.com>
--
v2: this time it boots! SHIP IT!
---
 libstb/Makefile.inc       |   4 ++
 libstb/create-container.c | 118 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 122 insertions(+)
 create mode 100644 libstb/create-container.c

diff --git a/libstb/Makefile.inc b/libstb/Makefile.inc
index 337b9e4..b7e7841 100644
--- a/libstb/Makefile.inc
+++ b/libstb/Makefile.inc
@@ -12,3 +12,7 @@ include $(SRC)/$(LIBSTB_DIR)/drivers/Makefile.inc
 include $(SRC)/$(LIBSTB_DIR)/tss/Makefile.inc
 
 $(LIBSTB): $(LIBSTB_OBJS:%=$(LIBSTB_DIR)/%) $(DRIVERS) $(TSS)
+
+libstb/create-container: libstb/create-container.c
+	$(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) \
+	-Wpadded -O0 -g -I$(SRC) -o $@ $<,$<)
diff --git a/libstb/create-container.c b/libstb/create-container.c
new file mode 100644
index 0000000..1fe222d
--- /dev/null
+++ b/libstb/create-container.c
@@ -0,0 +1,118 @@
+/* Copyright 2013-2016 IBM Corp.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * 	http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <config.h>
+
+#include <stdbool.h>
+#include <types.h>
+#include "container.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <assert.h>
+
+int main(int argc, char* argv[])
+{
+	int fdin, fdout;
+	void *container = malloc(SECURE_BOOT_HEADERS_SIZE);
+	struct stat s;
+	char *buf = malloc(4096);
+	off_t l;
+	void *infile;
+	int r;
+	ROM_container_raw *c = (ROM_container_raw*)container;
+	ROM_prefix_header_raw *ph;
+	ROM_prefix_data_raw *pd;
+	ROM_sw_header_raw *swh;
+
+	memset(container, 0, SECURE_BOOT_HEADERS_SIZE);
+
+	if (argc<3)
+		return -1;
+
+	fdin = open(argv[1], O_RDONLY);
+	assert(fdin > 0);
+	r = fstat(fdin, &s);
+	assert(r==0);
+	infile = mmap(NULL, s.st_size, PROT_READ, 0, fdin, 0);
+	assert(infile);
+	fdout = open(argv[2], O_WRONLY|O_CREAT|O_TRUNC);
+	assert(fdout > 0);
+
+	c->magic_number = cpu_to_be32(ROM_MAGIC_NUMBER);
+	c->version = 1;
+	c->container_size = cpu_to_be64(SECURE_BOOT_HEADERS_SIZE + s.st_size);
+	c->target_hrmor = 0;
+	c->stack_pointer = 0;
+	memset(c->hw_pkey_a, 0, sizeof(ecc_key_t));
+	memset(c->hw_pkey_b, 0, sizeof(ecc_key_t));
+	memset(c->hw_pkey_c, 0, sizeof(ecc_key_t));
+
+	ph = container + sizeof(ROM_container_raw);
+	ph->ver_alg.version = cpu_to_be16(1);
+	ph->ver_alg.hash_alg = 1;
+	ph->ver_alg.sig_alg = 1;
+	ph->code_start_offset = 0;
+	ph->reserved = 0;
+	ph->flags = 0;
+	ph->sw_key_count = 1; // 1, not 0. Because Hostboot
+	memset(ph->payload_hash, 0, sizeof(sha2_hash_t)); // TODO
+	ph->ecid_count = 0;
+
+	pd = (ROM_prefix_data_raw*)ph->ecid;
+	memset(pd->hw_sig_a, 0, sizeof(ecc_signature_t));
+	memset(pd->hw_sig_b, 0, sizeof(ecc_signature_t));
+	memset(pd->hw_sig_c, 0, sizeof(ecc_signature_t));
+	memset(pd->sw_pkey_p, 0, sizeof(ecc_key_t));
+	memset(pd->sw_pkey_q, 0, sizeof(ecc_key_t));
+	memset(pd->sw_pkey_r, 0, sizeof(ecc_key_t));
+	ph->payload_size = cpu_to_be64(sizeof(ecc_signature_t)*3 + ph->sw_key_count * sizeof(ecc_key_t));
+
+	swh = (ROM_sw_header_raw*)(((void*)pd) + be64_to_cpu(ph->payload_size));
+	swh->ver_alg.version = cpu_to_be16(1);
+	swh->ver_alg.hash_alg = 1;
+	swh->ver_alg.sig_alg = 1;
+	swh->code_start_offset = 0;
+	swh->reserved = 0;
+	swh->flags = 0;
+	swh->reserved_0 = 0;
+	swh->payload_size = cpu_to_be64(s.st_size);
+
+	r = write(fdout, container, SECURE_BOOT_HEADERS_SIZE);
+	assert(r == 4096);
+	read(fdin, buf, s.st_size%4096);
+	write(fdout, buf, s.st_size%4096);
+	l = s.st_size - s.st_size%4096;
+	while (l) {
+		read(fdin, buf, 4096);
+		write(fdout, buf, 4096);
+		l-=4096;
+	};
+	close(fdin);
+	close(fdout);
+
+	free(container);
+	free(buf);
+	return 0;
+}
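Review bot: The copy loop at the end of main() discards the results of read() and write(), so a short read or a failed write leaves a truncated payload behind headers whose `container_size` and `payload_size` were taken from `st_size`, and the tool still exits 0. Each transfer should be checked and retried until the full `st_size` bytes have been written, as in the excerpt below. Separately, `open(argv[2], O_WRONLY|O_CREAT|O_TRUNC)` passes no mode argument, so the new file's permissions come from an indeterminate value; pass one explicitly, e.g. `open(argv[2], O_WRONLY|O_CREAT|O_TRUNC, 0644)`. The `mmap()` call uses flags `0` and tests its result against NULL rather than `MAP_FAILED`, and since `infile` is never read the mapping can simply be dropped. The remaining checks rely on assert(), which disappears if the tool is ever built with NDEBUG, and `fdin > 0` / `fdout > 0` reject the valid descriptor 0.

```c
	/* … unchanged: header setup and the write of the header block … */
	l = s.st_size;
	while (l > 0) {
		ssize_t got = read(fdin, buf, l < 4096 ? (size_t)l : 4096);
		ssize_t put = 0;

		if (got <= 0) {
			fprintf(stderr, "%s: read failed or input shorter than expected\n", argv[1]);
			return 1;
		}
		while (put < got) {
			ssize_t w = write(fdout, buf + put, got - put);

			if (w <= 0) {
				perror("write");
				return 1;
			}
			put += w;
		}
		l -= got;
	}
	if (close(fdout) != 0) {
		perror("close");
		return 1;
	}
	/* … unchanged: close(fdin) and the free() calls … */
```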
-- 
2.7.4


