mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures
When generating timestamps in signatures, use imagetool_get_source_date() so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible images. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Reviewed-by: Simon Glass <sjg@chromum.org>
This commit is contained in:
Alex Kiernan
Tom Rini
parent
87925df2b3
commit
795f452eef
@ -1009,6 +1009,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp);
|
|||||||
* @comment: Comment to add to signature nodes
|
* @comment: Comment to add to signature nodes
|
||||||
* @require_keys: Mark all keys as 'required'
|
* @require_keys: Mark all keys as 'required'
|
||||||
* @engine_id: Engine to use for signing
|
* @engine_id: Engine to use for signing
|
||||||
|
* @cmdname: Command name used when reporting errors
|
||||||
*
|
*
|
||||||
* Adds hash values for all component images in the FIT blob.
|
* Adds hash values for all component images in the FIT blob.
|
||||||
* Hashes are calculated for all component images which have hash subnodes
|
* Hashes are calculated for all component images which have hash subnodes
|
||||||
@ -1022,7 +1023,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp);
|
|||||||
*/
|
*/
|
||||||
int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
|
int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
|
||||||
const char *comment, int require_keys,
|
const char *comment, int require_keys,
|
||||||
const char *engine_id);
|
const char *engine_id, const char *cmdname);
|
||||||
|
|
||||||
int fit_image_verify_with_data(const void *fit, int image_noffset,
|
int fit_image_verify_with_data(const void *fit, int image_noffset,
|
||||||
const void *data, size_t size);
|
const void *data, size_t size);
|
||||||
|
|||||||
@ -60,7 +60,8 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
|
|||||||
ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
|
ret = fit_add_verification_data(params->keydir, dest_blob, ptr,
|
||||||
params->comment,
|
params->comment,
|
||||||
params->require_keys,
|
params->require_keys,
|
||||||
params->engine_id);
|
params->engine_id,
|
||||||
|
params->cmdname);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dest_blob) {
|
if (dest_blob) {
|
||||||
|
|||||||
@ -106,7 +106,7 @@ static int fit_image_process_hash(void *fit, const char *image_name,
|
|||||||
*/
|
*/
|
||||||
static int fit_image_write_sig(void *fit, int noffset, uint8_t *value,
|
static int fit_image_write_sig(void *fit, int noffset, uint8_t *value,
|
||||||
int value_len, const char *comment, const char *region_prop,
|
int value_len, const char *comment, const char *region_prop,
|
||||||
int region_proplen)
|
int region_proplen, const char *cmdname)
|
||||||
{
|
{
|
||||||
int string_size;
|
int string_size;
|
||||||
int ret;
|
int ret;
|
||||||
@ -128,8 +128,12 @@ static int fit_image_write_sig(void *fit, int noffset, uint8_t *value,
|
|||||||
}
|
}
|
||||||
if (comment && !ret)
|
if (comment && !ret)
|
||||||
ret = fdt_setprop_string(fit, noffset, "comment", comment);
|
ret = fdt_setprop_string(fit, noffset, "comment", comment);
|
||||||
if (!ret)
|
if (!ret) {
|
||||||
ret = fit_set_timestamp(fit, noffset, time(NULL));
|
time_t timestamp = imagetool_get_source_date(cmdname,
|
||||||
|
time(NULL));
|
||||||
|
|
||||||
|
ret = fit_set_timestamp(fit, noffset, timestamp);
|
||||||
|
}
|
||||||
if (region_prop && !ret) {
|
if (region_prop && !ret) {
|
||||||
uint32_t strdata[2];
|
uint32_t strdata[2];
|
||||||
|
|
||||||
@ -201,7 +205,8 @@ static int fit_image_setup_sig(struct image_sign_info *info,
|
|||||||
static int fit_image_process_sig(const char *keydir, void *keydest,
|
static int fit_image_process_sig(const char *keydir, void *keydest,
|
||||||
void *fit, const char *image_name,
|
void *fit, const char *image_name,
|
||||||
int noffset, const void *data, size_t size,
|
int noffset, const void *data, size_t size,
|
||||||
const char *comment, int require_keys, const char *engine_id)
|
const char *comment, int require_keys, const char *engine_id,
|
||||||
|
const char *cmdname)
|
||||||
{
|
{
|
||||||
struct image_sign_info info;
|
struct image_sign_info info;
|
||||||
struct image_region region;
|
struct image_region region;
|
||||||
@ -229,7 +234,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
|
ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
|
||||||
NULL, 0);
|
NULL, 0, cmdname);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
if (ret == -FDT_ERR_NOSPACE)
|
if (ret == -FDT_ERR_NOSPACE)
|
||||||
return -ENOSPC;
|
return -ENOSPC;
|
||||||
@ -296,7 +301,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
|
|||||||
*/
|
*/
|
||||||
int fit_image_add_verification_data(const char *keydir, void *keydest,
|
int fit_image_add_verification_data(const char *keydir, void *keydest,
|
||||||
void *fit, int image_noffset, const char *comment,
|
void *fit, int image_noffset, const char *comment,
|
||||||
int require_keys, const char *engine_id)
|
int require_keys, const char *engine_id, const char *cmdname)
|
||||||
{
|
{
|
||||||
const char *image_name;
|
const char *image_name;
|
||||||
const void *data;
|
const void *data;
|
||||||
@ -333,7 +338,7 @@ int fit_image_add_verification_data(const char *keydir, void *keydest,
|
|||||||
strlen(FIT_SIG_NODENAME))) {
|
strlen(FIT_SIG_NODENAME))) {
|
||||||
ret = fit_image_process_sig(keydir, keydest,
|
ret = fit_image_process_sig(keydir, keydest,
|
||||||
fit, image_name, noffset, data, size,
|
fit, image_name, noffset, data, size,
|
||||||
comment, require_keys, engine_id);
|
comment, require_keys, engine_id, cmdname);
|
||||||
}
|
}
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
@ -574,7 +579,7 @@ static int fit_config_get_data(void *fit, int conf_noffset, int noffset,
|
|||||||
static int fit_config_process_sig(const char *keydir, void *keydest,
|
static int fit_config_process_sig(const char *keydir, void *keydest,
|
||||||
void *fit, const char *conf_name, int conf_noffset,
|
void *fit, const char *conf_name, int conf_noffset,
|
||||||
int noffset, const char *comment, int require_keys,
|
int noffset, const char *comment, int require_keys,
|
||||||
const char *engine_id)
|
const char *engine_id, const char *cmdname)
|
||||||
{
|
{
|
||||||
struct image_sign_info info;
|
struct image_sign_info info;
|
||||||
const char *node_name;
|
const char *node_name;
|
||||||
@ -609,7 +614,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
|
ret = fit_image_write_sig(fit, noffset, value, value_len, comment,
|
||||||
region_prop, region_proplen);
|
region_prop, region_proplen, cmdname);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
if (ret == -FDT_ERR_NOSPACE)
|
if (ret == -FDT_ERR_NOSPACE)
|
||||||
return -ENOSPC;
|
return -ENOSPC;
|
||||||
@ -638,7 +643,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
|
|||||||
|
|
||||||
static int fit_config_add_verification_data(const char *keydir, void *keydest,
|
static int fit_config_add_verification_data(const char *keydir, void *keydest,
|
||||||
void *fit, int conf_noffset, const char *comment,
|
void *fit, int conf_noffset, const char *comment,
|
||||||
int require_keys, const char *engine_id)
|
int require_keys, const char *engine_id, const char *cmdname)
|
||||||
{
|
{
|
||||||
const char *conf_name;
|
const char *conf_name;
|
||||||
int noffset;
|
int noffset;
|
||||||
@ -657,7 +662,7 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest,
|
|||||||
strlen(FIT_SIG_NODENAME))) {
|
strlen(FIT_SIG_NODENAME))) {
|
||||||
ret = fit_config_process_sig(keydir, keydest,
|
ret = fit_config_process_sig(keydir, keydest,
|
||||||
fit, conf_name, conf_noffset, noffset, comment,
|
fit, conf_name, conf_noffset, noffset, comment,
|
||||||
require_keys, engine_id);
|
require_keys, engine_id, cmdname);
|
||||||
}
|
}
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
@ -668,7 +673,7 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest,
|
|||||||
|
|
||||||
int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
|
int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
|
||||||
const char *comment, int require_keys,
|
const char *comment, int require_keys,
|
||||||
const char *engine_id)
|
const char *engine_id, const char *cmdname)
|
||||||
{
|
{
|
||||||
int images_noffset, confs_noffset;
|
int images_noffset, confs_noffset;
|
||||||
int noffset;
|
int noffset;
|
||||||
@ -691,7 +696,8 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
|
|||||||
* i.e. component image node.
|
* i.e. component image node.
|
||||||
*/
|
*/
|
||||||
ret = fit_image_add_verification_data(keydir, keydest,
|
ret = fit_image_add_verification_data(keydir, keydest,
|
||||||
fit, noffset, comment, require_keys, engine_id);
|
fit, noffset, comment, require_keys, engine_id,
|
||||||
|
cmdname);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@ -715,7 +721,7 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
|
|||||||
ret = fit_config_add_verification_data(keydir, keydest,
|
ret = fit_config_add_verification_data(keydir, keydest,
|
||||||
fit, noffset, comment,
|
fit, noffset, comment,
|
||||||
require_keys,
|
require_keys,
|
||||||
engine_id);
|
engine_id, cmdname);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user