diff options
author | Jason M. Bills <jason.m.bills@linux.intel.com> | 2020-04-08 01:43:15 +0300 |
---|---|---|
committer | Jason M. Bills <jason.m.bills@linux.intel.com> | 2020-04-13 22:35:48 +0300 |
commit | 235618c7396902842906bc3a8c90a3320aeeaeba (patch) | |
tree | 27cb132ef7a799804c6b71be460cc8e718c7dcce /meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files | |
parent | ee6f67609223ac24c3e4f55ae7cc78c60a3fdb34 (diff) | |
download | openbmc-235618c7396902842906bc3a8c90a3320aeeaeba.tar.xz |
Update to internal 0.47
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files')
-rwxr-xr-x | meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image.py | 43 | ||||
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/bmc_config.xml (renamed from meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/bmc_config.xml) | 0 | ||||
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/csk_prv.pem (renamed from meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_prv.pem) | 0 | ||||
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/csk_pub.pem (renamed from meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_pub.pem) | 0 | ||||
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/pfm_config.xml (renamed from meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfm_config.xml) | 96 | ||||
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/pfr_manifest.json (renamed from meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_manifest.json) | 66 | ||||
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/rk_prv.pem (renamed from meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_prv.pem) | 0 | ||||
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/rk_pub.pem (renamed from meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_pub.pem) | 0 |
8 files changed, 140 insertions, 65 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image.py b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image.py index c2c18247d..438a3b91f 100755 --- a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image.py +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_image.py @@ -17,7 +17,7 @@ import os, hashlib, struct, json, sys, subprocess, mmap, io, array, binascii, copy, shutil, re from array import array from binascii import unhexlify -from hashlib import sha1, sha256, sha512 +from hashlib import sha1, sha256, sha384, sha512 from shutil import copyfile # Flash Map # ----------------------------------------------- @@ -44,8 +44,7 @@ EXCLUDE_PAGES =[[0x80, 0x9f],[0x2a00,0x7fff]] PFM_OFFSET = 0x80000 PFM_SPI = 0x1 PFM_I2C = 0x2 -SHA256 = 0x1 -SHA256_SIZE = 32 +SHA = 0x1 PFM_DEF_SIZE = 32 # 32 bytes of PFM header PFM_SPI_SIZE_DEF = 16 # 16 bytes of SPI PFM PFM_SPI_SIZE_HASH = 32 # 32 bytes of SPI region HASH @@ -65,7 +64,7 @@ class pfm_spi(object): self.spi_pfm = PFM_SPI self.spi_prot_mask = prot_mask self.spi_hash_pres = hash_pres - if hash_pres == 1: + if hash_pres != 0: self.spi_hash = hash self.spi_pfm_rsvd = 0xffffffff # b'\xff'*4 self.spi_start_addr = start_addr @@ -84,14 +83,20 @@ class pfm_i2c(object): class pfr_bmc_image(object): # json_file, firmware_file - def __init__(self, manifest, firmware_file, build_ver, build_num, build_hash): + def __init__(self, manifest, firmware_file, build_ver, build_num, build_hash, sha): self.manifest = load_manifest(manifest) self.firmware_file = firmware_file self.build_version = build_ver self.build_number = build_num self.build_hash = build_hash - + self.sha = sha + if self.sha == "2": + SHA = 0x2 + PFM_SPI_SIZE_HASH = 48 + if self.sha == "1": + PFM_SPI_SIZE_HASH = 32 + SHA = 0x1 self.pfr_rom_file = 'image-mtd-pfr' open(self.pfr_rom_file, 'a').close() @@ -102,9 +107,10 @@ class pfr_bmc_image(object): for p in self.manifest['image-parts']: # the json should have in the order- filename, index, offset, size and protection byte self.image_parts.append((p['name'], p['index'], p['offset'], p['size'], p['prot_mask'], p['pfm'], p['hash'], p['compress'])) - - self.act_dgst = hashlib.sha256() - + if self.sha == "1": + self.act_dgst = hashlib.sha256() + if self.sha == "2": + self.act_dgst = hashlib.sha384() # SPI regions PFM array self.pfm_spi_regions = [] self.pfm_bytes = PFM_DEF_SIZE # PFM definition bytes (SPI regions + SMBUS) @@ -166,8 +172,10 @@ class pfr_bmc_image(object): skip = False if hash_flag == 1: - hash_dgst = hashlib.sha256() - + if self.sha == "1": + hash_dgst = hashlib.sha256() + if self.sha == "2": + hash_dgst = hashlib.sha384() for chunk in iter(lambda: f.read(self.page_size), b''): chunk_len = len(chunk) if chunk_len != self.page_size: @@ -203,13 +211,13 @@ class pfr_bmc_image(object): if pfm_flag == 1: self.pfm_bytes += PFM_SPI_SIZE_DEF - hash = bytearray(32) + hash = bytearray(PFM_SPI_SIZE_HASH) hash_pres = 0 if hash_flag == 1: # region's hash hash = hash_dgst.hexdigest() - hash_pres = SHA256 + hash_pres = SHA self.pfm_bytes += PFM_SPI_SIZE_HASH # append to SPI regions in PFM @@ -344,7 +352,7 @@ class pfr_bmc_image(object): f.write(struct.pack('<I', int(i.spi_start_addr))) f.write(struct.pack('<I', int(i.spi_end_addr))) - if i.spi_hash_pres == 1: + if i.spi_hash_pres != 0: f.write(bytearray.fromhex(i.spi_hash)) for r in self.pfm_i2c_rules: @@ -359,8 +367,8 @@ class pfr_bmc_image(object): f.write(b'\xff' * padding_bytes) def main(): - if len(sys.argv) != 6: #< pfr_image.py manifest.json> <update.bin> <build_version> <build_number> <build_hash> - print('usage: {} <manifest.json> <firmware.bin> <build_version> <build_number> <build_hash>'.format(sys.argv[0])) + if len(sys.argv) != 7: #< pfr_image.py manifest.json> <update.bin> <build_version> <build_number> <build_hash> <sha> + print('usage: {} <manifest.json> <firmware.bin> <build_version> <build_number> <build_hash> <sha>'.format(sys.argv[0])) return json_file = sys.argv[1] @@ -368,9 +376,10 @@ def main(): build_ver = sys.argv[3] build_num = sys.argv[4] build_hash = sys.argv[5] + sha = sys.argv[6] # function to generate BMC PFM, PBC header and BMC compressed image - pfr_bmc_image(json_file, firmware_file, build_ver, build_num, build_hash) + pfr_bmc_image(json_file, firmware_file, build_ver, build_num, build_hash, sha) if __name__ == '__main__': main() diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/bmc_config.xml b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/bmc_config.xml index 9e7d3f82d..9e7d3f82d 100644 --- a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/bmc_config.xml +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/bmc_config.xml diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_prv.pem b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/csk_prv.pem index a46fa2a2b..a46fa2a2b 100644 --- a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_prv.pem +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/csk_prv.pem diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_pub.pem b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/csk_pub.pem index cc70d6e28..cc70d6e28 100644 --- a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/csk_pub.pem +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/csk_pub.pem diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfm_config.xml b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/pfm_config.xml index 78c816191..19378d1b9 100644 --- a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfm_config.xml +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/pfm_config.xml @@ -1,48 +1,48 @@ -<?xml version="1.0" encoding="UTF-8"?>
-<!-- XML file for Block Sign Tool -->
-<blocksign>
- <version>1</version>
- <!-- Block 0 -->
- <block0>
- <magic>0xB6EAFD19</magic>
- <pctype>3</pctype>
- </block0>
- <!-- Block 1 -->
- <block1>
- <magic>0xF27F28D7</magic>
- <!-- Root key -->
- <rkey>
- <magic>0xA757A046</magic>
- <curvemagic>0xC7B88C74</curvemagic>
- <permissions>-1</permissions>
- <keyid>-1</keyid>
- <pubkey>rk_pub.pem</pubkey>
- </rkey>
- <!-- Code signing key -->
- <cskey>
- <magic>0x14711C2F</magic>
- <curvemagic>0xC7B88C74</curvemagic>
- <permissions>4</permissions>
- <keyid>1</keyid>
- <pubkey>csk_pub.pem</pubkey>
- <sigmagic>0xDE64437D</sigmagic>
- <hashalg>sha256</hashalg>
- <signkey>rk_prv.pem</signkey>
- <!--<script>./sign_external.sh</script>-->
- </cskey>
- <!-- Signature over Block 0 -->
- <b0_sig>
- <magic>0x15364367</magic>
- <sigmagic>0xDE64437D</sigmagic>
- <hashalg>sha256</hashalg>
- <signkey>csk_prv.pem</signkey>
- </b0_sig>
- </block1>
- <!-- CPLD Bitstream Specific -->
- <padding>
- <!-- Pad block1 such that combined block length is 1024b -->
- <blockpad>1024</blockpad>
- <!-- Align total package to 128 bytes -->
- <align>128</align>
- </padding>
-</blocksign>
+<?xml version="1.0" encoding="UTF-8"?> +<!-- XML file for Block Sign Tool --> +<blocksign> + <version>1</version> + <!-- Block 0 --> + <block0> + <magic>0xB6EAFD19</magic> + <pctype>3</pctype> + </block0> + <!-- Block 1 --> + <block1> + <magic>0xF27F28D7</magic> + <!-- Root key --> + <rkey> + <magic>0xA757A046</magic> + <curvemagic>0xC7B88C74</curvemagic> + <permissions>-1</permissions> + <keyid>-1</keyid> + <pubkey>rk_pub.pem</pubkey> + </rkey> + <!-- Code signing key --> + <cskey> + <magic>0x14711C2F</magic> + <curvemagic>0xC7B88C74</curvemagic> + <permissions>4</permissions> + <keyid>1</keyid> + <pubkey>csk_pub.pem</pubkey> + <sigmagic>0xDE64437D</sigmagic> + <hashalg>sha256</hashalg> + <signkey>rk_prv.pem</signkey> + <!--<script>./sign_external.sh</script>--> + </cskey> + <!-- Signature over Block 0 --> + <b0_sig> + <magic>0x15364367</magic> + <sigmagic>0xDE64437D</sigmagic> + <hashalg>sha256</hashalg> + <signkey>csk_prv.pem</signkey> + </b0_sig> + </block1> + <!-- CPLD Bitstream Specific --> + <padding> + <!-- Pad block1 such that combined block length is 1024b --> + <blockpad>1024</blockpad> + <!-- Align total package to 128 bytes --> + <align>128</align> + </padding> +</blocksign> diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_manifest.json b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/pfr_manifest.json index b567faa02..c79b7f343 100644 --- a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/pfr_manifest.json +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/pfr_manifest.json @@ -125,6 +125,72 @@ "0x89", "0x8C", "0x8D", "0x8E", "0x8F", "0x90", "0x91", "0x92", "0x93", "0x94", "0x95", "0x96", "0x97", "0x98", "0x9A", "0xA6", "0xA7", "0xD0", "0xD3", "0xD4", "0xD5", "0xD6", "0xD7", "0xD8", "0xD9", "0xDC", "0xDD", "0xDE", "0xDE"] + }, + { + "bus-id": 2, + "rule-id": 1, + "address": "0xB4", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 2, + "address": "0xD4", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 3, + "address": "0x4A", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 4, + "address": "0x4C", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 5, + "address": "0xDC", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 6, + "address": "0xEC", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 7, + "address": "0xE0", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 8, + "address": "0xB0", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 9, + "address": "0xC4", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 10, + "address": "0xCC", + "cmd-whitelist": ["0x00"] + }, + { + "bus-id": 2, + "rule-id": 11, + "address": "0xE4", + "cmd-whitelist": ["0x00"] } ] } diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_prv.pem b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/rk_prv.pem index 9e8616795..9e8616795 100644 --- a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_prv.pem +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/rk_prv.pem diff --git a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_pub.pem b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/rk_pub.pem index 117e08bae..117e08bae 100644 --- a/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/rk_pub.pem +++ b/meta-openbmc-mods/meta-common/recipes-intel/intel-pfr/files/wht/rk_pub.pem |