Here we are adding support to fix several warnings and
NPD.FUNC.MUST, ABV.GENERAL, INCORRECT.ALLOC_SIZE KW issues
in sysupgrade source code.
Change-Id: If8053878696494c1425ebd20840d17d9c6a74524
Signed-off-by: Vijay Balaji <quic_vijbal@quicinc.com>
This change will fix warnings occurred during
compilation of sysupgrade source files
Change-Id: I0526da607b383064b4c5cea7462fe4c12c669a3b
Signed-off-by: Vijay Balaji <quic_vijbal@quicinc.com>
(cherry picked from commit 6a7c18c463)
We observed that ubi_rootfs volume id is different for ipq807x
and ipq95xx, so we use volume name instead of volume id for
rootfs extraction from ubi.
Change-Id: I0b536fbceae47279b81d76f8108ca8640c09657c
Signed-off-by: Vijay Balaji <quic_vijbal@quicinc.com>
This change will add support for rootfs Authentication in all
flashtypes (Nor, Nand, Emmc and norplusnand) during sysupgrade.
Here we are adding support to sign rootfs image with sha384.
The rootfs metadata is available at the end of kernel image.
This change adds supports to extract rootfs metadata from
kernel image and stores in /tmp/metadata.bin.
It also calculates sha384 of rootfs binary and stores in /tmp/sha384_keyXXXXXX
After this we use below command to authenticate rootfs metadata:
echo -n "0x17 /tmp/metadata.bin /tmp/sha384_keyXXXXXX" > /sys/sec_upgrade/sec_auth
Change-Id: Iaf304d5edcd3bfff849fcb3705f5342f4c354b5b
Signed-off-by: Vijay Balaji <quic_vijbal@quicinc.com>
Add rootfs section to authenticate signed rootfs image
Parse the hlos elf header and get the rootfs metadata offset
Reads metadata available at the end of hlos image and write to /tmp/metadata.bin
Calculate sha384 and write to /tmp/sha384_XXXXX file
Use /tmp/metadata.bin and /tmp/sha384_XXXXX to get rootfs auth by TZ
Change-Id: Iaa4bf6b0cfbae4f4a56187f80f2873cb69550051
Signed-off-by: Ram Chandra Jangir <quic_rjangir@quicinc.com>
Now we are adding preamble value to read SBL header if ubi section
is present in the image. But in case of NOR+NAND images, though we are
having SBL in NOR and ubi section is also present and NAND_PREAMBLE
is getting added. which is breaking NOR+NAND sysupgrade.
Added functionality to compare first 12 bytes of section with pre
defined PREAMBLE value. If values matches, add the NAND_PREAMBLE to
read SBL header.
Change-Id: I704ee86cc50aa3ce3b2ab6ec34beab866ffde4b9
Signed-off-by: Anto Norbert <norbrt@codeaurora.org>
This change adds the correct Sbl_Hdr instead of Mbn_Hdr, since
sbl header is different than normal Mbn_Hdr, and adds the sbl
header size as 80.
SBL in nand starts with preamble before the sbl header, so here
it adds the preamble for header start address as well as
src, sig and cert offset values.
Change-Id: I9a56d7b4a51890b74a5ee5fe3047a38801d23803
Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>
This change will look for existence of file /sys/sec_upgrade/sec_auth
if the file exists, it performs image authentication with the new
approach i.e TZ enabled mechanism.
It reads all the sections of the single image and writes each
section's type and image file path in /sys/sec_upgrade/sec_auth.
If a written section image is a proper signed image, then it will
return success else will cause the failure.
Change-Id: I649581e0ab74a66d677e5bfbf1c34fd83cb2465d
Signed-off-by: Avinash Pandey <avinasv@codeaurora.org>
This change adds support to check devcfg version and
allows sysupgrade only if the version is higher.
Change-Id: I7192f428c50c1b1b9eeddd1aac0d57d341d32436
Signed-off-by: Pavithra Palanisamy <pavip@codeaurora.org>
Currently our sysupgrade is comparing the calculated hash,
and referenced hash using strcmp(), A valid binary hash can
contain zeros or null, this can make strcmp() to stop when it
encounters a zero or null. To check the entire hash, not just
the bytes of the hash up to the first zero, we will use memcmp().
The existing code uses mbn_header->code_size for calculating
source offset from the image, this change adds mbn_header_size
for the calculation.
Change-Id: Iaae39d04e8e4aafc686a5acbc499b11b2b8d6602
Signed-off-by: Pavithra Palanisamy <pavip@codeaurora.org>
The existing sysupgrade treats all images as 32-bit image.
This change adds a check to signify the image class and
adds functions to process the headers respectively.
Change-Id: I04040fdc6e1a9c6c2df2407cd4b26dddaf4a008c
Signed-off-by: Pavithra Palanisamy <pavip@codeaurora.org>
