Add rootfs section to authenticate signed rootfs image
Parse the hlos elf header and get the rootfs metadata offset
Reads metadata available at the end of hlos image and write to /tmp/metadata.bin
Calculate sha384 and write to /tmp/sha384_XXXXX file
Use /tmp/metadata.bin and /tmp/sha384_XXXXX to get rootfs auth by TZ
Change-Id: Iaa4bf6b0cfbae4f4a56187f80f2873cb69550051
Signed-off-by: Ram Chandra Jangir <quic_rjangir@quicinc.com>
Now we are adding preamble value to read SBL header if ubi section
is present in the image. But in case of NOR+NAND images, though we are
having SBL in NOR and ubi section is also present and NAND_PREAMBLE
is getting added. which is breaking NOR+NAND sysupgrade.
Added functionality to compare first 12 bytes of section with pre
defined PREAMBLE value. If values matches, add the NAND_PREAMBLE to
read SBL header.
Change-Id: I704ee86cc50aa3ce3b2ab6ec34beab866ffde4b9
Signed-off-by: Anto Norbert <norbrt@codeaurora.org>
This change adds the correct Sbl_Hdr instead of Mbn_Hdr, since
sbl header is different than normal Mbn_Hdr, and adds the sbl
header size as 80.
SBL in nand starts with preamble before the sbl header, so here
it adds the preamble for header start address as well as
src, sig and cert offset values.
Change-Id: I9a56d7b4a51890b74a5ee5fe3047a38801d23803
Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>
This change will look for existence of file /sys/sec_upgrade/sec_auth
if the file exists, it performs image authentication with the new
approach i.e TZ enabled mechanism.
It reads all the sections of the single image and writes each
section's type and image file path in /sys/sec_upgrade/sec_auth.
If a written section image is a proper signed image, then it will
return success else will cause the failure.
Change-Id: I649581e0ab74a66d677e5bfbf1c34fd83cb2465d
Signed-off-by: Avinash Pandey <avinasv@codeaurora.org>
This change adds support to check devcfg version and
allows sysupgrade only if the version is higher.
Change-Id: I7192f428c50c1b1b9eeddd1aac0d57d341d32436
Signed-off-by: Pavithra Palanisamy <pavip@codeaurora.org>
Currently our sysupgrade is comparing the calculated hash,
and referenced hash using strcmp(), A valid binary hash can
contain zeros or null, this can make strcmp() to stop when it
encounters a zero or null. To check the entire hash, not just
the bytes of the hash up to the first zero, we will use memcmp().
The existing code uses mbn_header->code_size for calculating
source offset from the image, this change adds mbn_header_size
for the calculation.
Change-Id: Iaae39d04e8e4aafc686a5acbc499b11b2b8d6602
Signed-off-by: Pavithra Palanisamy <pavip@codeaurora.org>
The existing sysupgrade treats all images as 32-bit image.
This change adds a check to signify the image class and
adds functions to process the headers respectively.
Change-Id: I04040fdc6e1a9c6c2df2407cd4b26dddaf4a008c
Signed-off-by: Pavithra Palanisamy <pavip@codeaurora.org>
