summaryrefslogtreecommitdiff
path: root/util/broadcom/secimage
AgeCommit message (Collapse)Author
2018-02-10util/broadcom/secimage: Add distclean targetMartin Roth
When running 'make distclean' on coreboot, the build cleans the tools as well. Since secimage didn't have a distclean target, it gave an error that the distclean target didn't exist. This didn't actually affect anything more than the secimage clean, but it was impossible to tell that from the warning: % make distclean make[1]: *** No rule to make target 'distclean'. Stop. Change-Id: I4b4bcc1ab48e767218d31e455d23527acedf4953 Signed-off-by: Martin Roth <martinroth@google.com> Reviewed-on: https://review.coreboot.org/23666 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2018-02-06util/broadcom/secimage: Add HMAC testAlex Thiessen
One of responsibilities of the `secimage` tool is signing the image using the HMAC-SHA256 algorithm. The test being added verifies that secimage's internal call yields same result as the according openssl tool does. Change-Id: I8de4328f435af56901a861e3d5e733657c3c7f78 Signed-off-by: Alex Thiessen <alex.thiessen.de+coreboot@gmail.com> Reviewed-on: https://review.coreboot.org/23474 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
2018-01-14util/broadcom/secimage: Add OpenSSL 1.1 supportAlex Thiessen
The `secimage` utility uses OpenSSL to calculate HMAC, which it does in a rather unorthodox way, using deprecated `HMAC_CTX_init` API and repeated calling of `HMAC_Init_ex` without a clear reason. The former causes build errors with OpenSSL 1.1 while the rest of the `HmacSha256Hash` function is confusing and overly complex. Make `HmacSha256Hash` use a single OpenSSL API call. Test passed: resulting signed binary remains identical. Change-Id: Ib23c0ad96f9d8cc30ad357de8c0b0ba967c7d724 Signed-off-by: Alex Thiessen <alex.thiessen.de+coreboot@gmail.com> Reviewed-on: https://review.coreboot.org/23069 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2016-12-16util/broadcom: Check for successful file accessPatrick Georgi
Change-Id: I5c77b3c5ea3fbc249a8c564a521c2c3c45e1c560 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Found-by: Coverity Scan #1323510 Reviewed-on: https://review.coreboot.org/17877 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16util/broadcom: Add two more NULL checksPatrick Georgi
Change-Id: I088730fd87dd39fa2c36a06c5770fad05a5808b0 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Found-by: Coverity Scan #1323511, #1323512 Reviewed-on: https://review.coreboot.org/17882 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16util/broadcom: Check return value of stat()Patrick Georgi
Change-Id: Ib53408e8b186c07aa8e42c67131d39c4add05983 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Found-by: Coverity Scan #1323515 Reviewed-on: https://review.coreboot.org/17881 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16util/broadcom: Initialize variablePatrick Georgi
It's later tested for NULL, but never initialized to make that test work reliably. Change-Id: Iadee1af224507a6dd39956306f3eafa687895176 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Found-by: Coverity Scan #1323515 Reviewed-on: https://review.coreboot.org/17880 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16util/broadcom: Close file after usePatrick Georgi
Change-Id: Ieea7ac7fbc618cd12f843f1606f9ebab37cae67e Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Found-by: Coverity Scan #1323508 Reviewed-on: https://review.coreboot.org/17879 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16util/broadcom: Terminate stringPatrick Georgi
filebuffer is treated like a string, so it should be zero-terminated like a string. Change-Id: I078aa39906394be64023424731fe0c7ae2019899 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Found-by: Coverity Scan #1323473 Reviewed-on: https://review.coreboot.org/17878 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
2016-12-16util/broadcom: close file on errorPatrick Georgi
Change-Id: I5193c6a9f08398b881c971c7175654ba5775b34a Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Found-by: Coverity Scan #1323509 Reviewed-on: https://review.coreboot.org/17876 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
2015-08-09secimage: Use libz's crc32 functionStefan Reinauer
This is to trick libreboot into not deleting misc.c when checking out coreboot. Change-Id: I8f0bb5cb3eb5681f99c616ae03de126efab852a9 Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-on: http://review.coreboot.org/11134 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-08-09secimage: reformatStefan Reinauer
Change-Id: Ibfa8b6b60b2b39212cef27bb2a5f8849218164bb Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-on: http://review.coreboot.org/11133 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-07-31secimage: Don't link in gmp libraryStefan Reinauer
secimage does not use libgmp, so don't link it in. (Otherwise linking fails if the library is not installed) Change-Id: I24af21c7754ecd0109f3e86669fa34fa6991d7fe Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-on: http://review.coreboot.org/11079 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com>
2015-04-22util/broadcom: specify libraries after object filesPatrick Georgi
Some compilers and linkers require a strict order or fail to find all symbols. Change-Id: I3f44bec1f0e21e7313a751fbc99c61c1aa9b7cf1 Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Reviewed-on: http://review.coreboot.org/9962 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-04-22broadcom/cygnus: add secimage and sign bootblockDaisuke Nojiri
secimage is a tool which adds a header and signature to the binary first loaded by the soc. ARM core frequency is set to 1 Ghz. BUG=chrome-os-partner:36421 BRANCH=broadcom-firmware TEST=booted b0 board Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15 Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155 Original-Reviewed-by: Scott Branden <sbranden@broadcom.com> Original-Reviewed-by: Julius Werner <jwerner@chromium.org> Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com> Original-Tested-by: Daisuke Nojiri <dnojiri@google.com> Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b Original-Reviewed-on: https://chromium-review.googlesource.com/264417 Reviewed-on: http://review.coreboot.org/9914 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>