From 9005ddd4bc79e01206899b31b85fce589dbba0b1 Mon Sep 17 00:00:00 2001 From: Vadim Bendebury Date: Sat, 22 Aug 2015 20:23:23 -0700 Subject: cr50: add plumbing for signing CR50 RO images The signer utility needs to be built and the flat image needs to be signed. The signer utility is written in C++, supporting this required adding a new make command to Makefile.rules and a build file for the utility. The signing now needs to be a part of generating the .flat file. To achieve this an alternative set of rules is defined in Makfile.rules for targets where RO image needs to be signed. Rules for converting elf to hex have been consolidated as there is no need to omit the --set-section-flags when it does not apply. BRANCH=none BUG=chrome-os-partner:43025 TEST=as follows: - ran 'rm build/cr50; make BOARD=cr50' - observed that both build/cr50/ec.bin and build/cr50/RO/ec.RO.flat have the required signature header in the first 1024 bytes. - verified that the cr50 board can be booted over SPI using the image in build/cr50/RO/ec.RO.flat Change-Id: Iacc22561de67fadfaf8e049bf9578cbd08cfad86 Signed-off-by: Vadim Bendebury Reviewed-on: https://chromium-review.googlesource.com/295291 Reviewed-by: Randall Spangler Reviewed-by: Aseda Aboagye --- Makefile | 1 + Makefile.rules | 29 ++++++++++++++++++++--------- Makefile.toolchain | 11 +++++++---- chip/g/build.mk | 6 ++++++ util/signer/build.mk | 16 ++++++++++++++++ 5 files changed, 50 insertions(+), 13 deletions(-) create mode 100644 util/signer/build.mk diff --git a/Makefile b/Makefile index 753159cc67..339de0b144 100644 --- a/Makefile +++ b/Makefile @@ -131,6 +131,7 @@ include power/build.mk include test/build.mk include util/build.mk include util/lock/build.mk +include util/signer/build.mk includes+=$(includes-y) diff --git a/Makefile.rules b/Makefile.rules index 5682f47ec9..7503884197 100644 --- a/Makefile.rules +++ b/Makefile.rules @@ -42,10 +42,11 @@ cmd_lds = $(CPP) -P -C -MMD -MF $@.d -MT $@ $(CPPFLAGS) \ cmd_obj_to_bin ?= $(OBJCOPY) --gap-fill=0xff -O binary $^ $(out)/$*.bin.tmp cmd_flat_to_obj = $(CC) -T $(out)/firmware_image.lds -nostdlib $(CPPFLAGS) \ -Wl,--build-id=none -o $@ $< -cmd_elf_to_flat = $(OBJCOPY) -O binary $(patsubst %.flat,%.elf,$@) $@ # Allow the .roshared section to overlap other sections (itself) cmd_ec_elf_to_flat ?= $(OBJCOPY) --set-section-flags .roshared=share \ - -O binary $(patsubst %.flat,%.elf,$@) $@ + -O binary $< $@ +cmd_raw_to_flat ?= $(out)/util/signer util/signer/rom-testkey.pem $< \ + && mv $<.signed $@ cmd_elf_to_dis = $(OBJDUMP) -D $< > $@ cmd_elf_to_hex = $(OBJCOPY) -O ihex $< $@ cmd_bin_to_hex = $(OBJCOPY) -I binary -O ihex \ @@ -61,6 +62,8 @@ cmd_c_to_build = $(BUILDCC) $(BUILD_CFLAGS) \ -MMD -MF $@.d -o $@ cmd_c_to_host = $(HOSTCC) $(HOST_CFLAGS) -MMD -MF $@.d -o $@ \ $(sort $(foreach c,$($(*F)-objs),util/$(c:%.o=%.c)) $*.c) +cmd_cxx_to_host = $(HOSTCXX) -std=c++0x $(COMMON_WARN) \ + -I ./$($(notdir $@)_ROOT) -o $@ $(filter %.cc,$^) $($(notdir $@)_LIBS) cmd_host_test = ./util/run_host_test $* $(silent) cmd_date = $(if $(USE_GIT_DATE),cat /dev/null,./util/getdate.sh) > $@ cmd_version = ./util/getversion.sh > $@ @@ -190,19 +193,27 @@ $(out)/$(PROJECT).obj: common/firmware_image.S $(out)/firmware_image.lds \ $(out)/%.dis: $(out)/%.elf $(call quiet,elf_to_dis,OBJDUMP) -$(out)/%.flat: $(out)/%.elf $(out)/%.smap - $(call quiet,elf_to_flat,OBJCOPY) +$(out)/RW/%.hex: $(out)/RW/%.elf $(out)/RW/%.smap + $(call quiet,elf_to_hex,OBJCOPY) -$(out)/RW/ec.RW.flat: $(out)/RW/ec.RW.elf $(out)/RW/ec.RW.smap - $(call quiet,ec_elf_to_flat,OBJCOPY) -$(out)/RO/ec.RO.flat: $(out)/RO/ec.RO.elf $(out)/RO/ec.RO.smap +ifeq ($(SIGNED_RO_IMAGE),) +$(out)/%.flat: $(out)/%.elf $(out)/%.smap $(call quiet,ec_elf_to_flat,OBJCOPY) -$(out)/RW/%.hex: $(out)/RW/%.elf $(out)/RW/%.smap - $(call quiet,elf_to_hex,OBJCOPY) $(out)/RO/%.hex: $(out)/RO/%.elf $(out)/RO/%.smap $(call quiet,elf_to_hex,OBJCOPY) +else +$(out)/RW/ec.RW.flat: $(out)/RW/ec.RW.elf + $(call quiet,ec_elf_to_flat,OBJCOPY) +$(out)/RO/ec.RO.flat.raw: $(out)/RO/ec.RO.elf $(out)/RO/ec.RO.smap + $(call quiet,ec_elf_to_flat,OBJCOPY) +$(out)/RO/ec.RO.flat: $(out)/RO/ec.RO.flat.raw + $(call quiet,raw_to_flat,RO_SIGN) + +$(out)/RO/%.hex: $(out)/RO/%.flat + $(call quiet,bin_to_hex,OBJCOPY) +endif $(out)/$(PROJECT).hex: $(out)/$(PROJECT).bin $(call quiet,bin_to_hex,OBJCOPY) diff --git a/Makefile.toolchain b/Makefile.toolchain index 9b317c89e3..9f20faff67 100644 --- a/Makefile.toolchain +++ b/Makefile.toolchain @@ -18,11 +18,14 @@ OBJDUMP=$(CROSS_COMPILE)objdump PKG_CONFIG?=pkg-config BUILDCC?=gcc HOSTCC?=$(HOST_CROSS_COMPILE)gcc +HOSTCXX?=$(HOST_CROSS_COMPILE)g++ -CFLAGS_WARN=-Wall -Werror -Wundef -Wstrict-prototypes -Wno-trigraphs \ - -fno-strict-aliasing -fno-common \ - -Werror-implicit-function-declaration -Wno-format-security \ - -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow +C_WARN = -Wstrict-prototypes -Wdeclaration-after-statement -Wno-pointer-sign +COMMON_WARN = -Wall -Werror -Wundef -Wno-trigraphs -fno-strict-aliasing \ + -fno-common -Werror-implicit-function-declaration \ + -Wno-format-security -fno-strict-overflow +CFLAGS_WARN = $(COMMON_WARN) $(C_WARN) +CXXFLAGS_WARN = $(COMMON_WARN) CFLAGS_DEBUG= -g CFLAGS_INCLUDE=$(foreach i,$(includes),-I$(i) ) -I. CFLAGS_TEST=$(if $(TEST_BUILD),-DTEST_BUILD \ diff --git a/chip/g/build.mk b/chip/g/build.mk index 0cdb01b391..4a8ad47c39 100644 --- a/chip/g/build.mk +++ b/chip/g/build.mk @@ -4,6 +4,8 @@ # found in the LICENSE file. # +SIGNED_RO_IMAGE = 1 + CORE:=cortex-m CFLAGS_CPU+=-march=armv7-m -mcpu=cortex-m3 @@ -33,3 +35,7 @@ chip-$(CONFIG_USB_CONSOLE)+=usb_console.o chip-$(CONFIG_USB_HID)+=usb_hid.o # TODO(wfrichar): Document this (and all other CONFIG_USB_*) in config.h chip-$(CONFIG_USB_BLOB)+=usb_blob.o + +$(out)/RO/ec.RO.flat: $(out)/util/signer + +$(out)/RO/ec.RO.hex: $(out)/RO/ec.RO.flat diff --git a/util/signer/build.mk b/util/signer/build.mk new file mode 100644 index 0000000000..7e7db38997 --- /dev/null +++ b/util/signer/build.mk @@ -0,0 +1,16 @@ +# -*- makefile -*- +# Copyright 2015 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. +# +# Lock library +# + +signer_LIBS := -lcrypto +signer_ROOT := util/signer +SIGNER_DEPS := $(addprefix $(signer_ROOT)/, codesigner.cc \ + publickey.cc publickey.h signed_header.h) + +$(out)/util/signer: $(SIGNER_DEPS) + $(call quiet,cxx_to_host,HOSTCXX) + -- cgit v1.2.1