From f52840da12381e8dfcbb18e7db454c5fa02de2dc Mon Sep 17 00:00:00 2001 From: Jonas Karlman Date: Sat, 21 Jan 2023 19:01:48 +0000 Subject: [PATCH] binman: Add special subnodes to the nodes generated by split-elf Special nodes, hash and signature, is not being added to the nodes generated for each segment in split-elf operation. Copy the subnode logic used in _gen_fdt_nodes to _gen_split_elf to ensure special nodes are added to the generated nodes. Signed-off-by: Jonas Karlman Reviewed-by: Simon Glass --- tools/binman/entries.rst | 14 ++++++++++++++ tools/binman/etype/fit.py | 23 +++++++++++++++++++++-- tools/binman/ftest.py | 12 ++++++++++++ tools/binman/test/226_fit_split_elf.dts | 6 ++++++ 4 files changed, 53 insertions(+), 2 deletions(-) diff --git a/tools/binman/entries.rst b/tools/binman/entries.rst index 8f11189b7b..78f95dae1a 100644 --- a/tools/binman/entries.rst +++ b/tools/binman/entries.rst @@ -762,6 +762,9 @@ Here is an example showing ATF, TEE and a device tree all combined:: atf-bl31 { }; + hash { + algo = "sha256"; + }; }; @tee-SEQ { @@ -777,6 +780,9 @@ Here is an example showing ATF, TEE and a device tree all combined:: tee-os { }; + hash { + algo = "sha256"; + }; }; }; @@ -805,6 +811,10 @@ ELF file, for example:: arch = "arm64"; type = "firmware"; description = "ARM Trusted Firmware"; + hash { + algo = "sha256"; + value = <...hash of first segment...>; + }; }; atf-2 { data = <...contents of second segment...>; @@ -814,6 +824,10 @@ ELF file, for example:: arch = "arm64"; type = "firmware"; description = "ARM Trusted Firmware"; + hash { + algo = "sha256"; + value = <...hash of second segment...>; + }; }; }; diff --git a/tools/binman/etype/fit.py b/tools/binman/etype/fit.py index df1ce81f9c..bcb606f3f9 100644 --- a/tools/binman/etype/fit.py +++ b/tools/binman/etype/fit.py @@ -228,6 +228,9 @@ class Entry_fit(Entry_section): atf-bl31 { }; + hash { + algo = "sha256"; + }; }; @tee-SEQ { @@ -243,6 +246,9 @@ class Entry_fit(Entry_section): tee-os { }; + hash { + algo = "sha256"; + }; }; }; @@ -271,6 +277,10 @@ class Entry_fit(Entry_section): arch = "arm64"; type = "firmware"; description = "ARM Trusted Firmware"; + hash { + algo = "sha256"; + value = <...hash of first segment...>; + }; }; atf-2 { data = <...contents of second segment...>; @@ -280,6 +290,10 @@ class Entry_fit(Entry_section): arch = "arm64"; type = "firmware"; description = "ARM Trusted Firmware"; + hash { + algo = "sha256"; + value = <...hash of second segment...>; + }; }; }; @@ -548,12 +562,13 @@ class Entry_fit(Entry_section): else: self.Raise("Generator node requires 'fit,fdt-list' property") - def _gen_split_elf(base_node, node, segments, entry_addr): + def _gen_split_elf(base_node, node, depth, segments, entry_addr): """Add nodes for the ELF file, one per group of contiguous segments Args: base_node (Node): Template node from the binman definition node (Node): Node to replace (in the FIT being built) + depth: Current node depth (0 is the base 'fit' node) segments (list): list of segments, each: int: Segment number (0 = first) int: Start address of segment in memory @@ -578,6 +593,10 @@ class Entry_fit(Entry_section): self._raise_subnode( node, f"Unknown directive '{pname}'") + for subnode in node.subnodes: + with fsw.add_node(subnode.name): + _add_node(node, depth + 1, subnode) + def _gen_node(base_node, node, depth, in_images, entry): """Generate nodes from a template @@ -631,7 +650,7 @@ class Entry_fit(Entry_section): self._raise_subnode( node, f'Failed to read ELF file: {str(exc)}') - _gen_split_elf(base_node, node, segments, entry_addr) + _gen_split_elf(base_node, node, depth, segments, entry_addr) def _add_node(base_node, depth, node): """Add nodes to the output FIT diff --git a/tools/binman/ftest.py b/tools/binman/ftest.py index f0d0afd5b8..cd27572571 100644 --- a/tools/binman/ftest.py +++ b/tools/binman/ftest.py @@ -5439,6 +5439,10 @@ fdt fdtmap Extract the devicetree blob from the fdtmap fdt_util.fdt32_to_cpu(atf1.props['load'].value)) self.assertEqual(data, atf1.props['data'].bytes) + hash_node = atf1.FindNode('hash') + self.assertIsNotNone(hash_node) + self.assertEqual({'algo', 'value'}, hash_node.props.keys()) + atf2 = dtb.GetNode('/images/atf-2') self.assertEqual(base_keys, atf2.props.keys()) _, start, data = segments[1] @@ -5446,6 +5450,14 @@ fdt fdtmap Extract the devicetree blob from the fdtmap fdt_util.fdt32_to_cpu(atf2.props['load'].value)) self.assertEqual(data, atf2.props['data'].bytes) + hash_node = atf2.FindNode('hash') + self.assertIsNotNone(hash_node) + self.assertEqual({'algo', 'value'}, hash_node.props.keys()) + + hash_node = dtb.GetNode('/images/tee-1/hash-1') + self.assertIsNotNone(hash_node) + self.assertEqual({'algo', 'value'}, hash_node.props.keys()) + conf = dtb.GetNode('/configurations') self.assertEqual({'default'}, conf.props.keys()) diff --git a/tools/binman/test/226_fit_split_elf.dts b/tools/binman/test/226_fit_split_elf.dts index fab15338b2..22c453e603 100644 --- a/tools/binman/test/226_fit_split_elf.dts +++ b/tools/binman/test/226_fit_split_elf.dts @@ -33,6 +33,9 @@ atf-bl31 { }; + hash { + algo = "sha256"; + }; }; @tee-SEQ { @@ -48,6 +51,9 @@ tee-os { }; + hash-1 { + algo = "sha256"; + }; }; }; -- 2.39.5