author | Ed Tanous <ed.tanous@intel.com> | 2019-02-14 03:51:50 +0300 |
---|---|---|
committer | Ed Tanous <ed.tanous@intel.com> | 2019-03-13 00:58:57 +0300 |
commit | a7715486507e75e4a7cee843a48067b15595defa (patch) | |
tree | 9fd209d468c42cfb6553a50e2523c1d7e1fb120a /meta-openbmc-mods/meta-common/recipes-phosphor/flash | |
parent | 9b44ea7e2de71224bce792654cab12b7a5ceaa7d (diff) | |
download | openbmc-a7715486507e75e4a7cee843a48067b15595defa.tar.xz |
Initial commit of intel repository
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/flash')
3 files changed, 149 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch
new file mode 100644
index 000000000..c5850473c
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch
@@ -0,0 +1,130 @@
+From fa124c7944088624d40d6b265bac0651bd8235bb Mon Sep 17 00:00:00 2001
+From: Adriana Kobylak <anoo@us.ibm.com>
+Date: Thu, 6 Sep 2018 13:15:34 -0500
+Subject: [PATCH] image_verify: Add support for OpenSSL 1.1.0
+
+With OpenSSL 1.1.0, some of the functions were renamed, for
+example EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were
+renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free().
+Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
+Abstract them to support old and new APIs.
+
+Resolves openbmc/openbmc#3136
+
+Tested: Verified the signature verification was successful.
+
+Change-Id: I2297243fdd652055fe9ea88f26eb2dcf473d24e6
+Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
+
+%% original patch: 0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch
+---
+ Makefile.am | 8 ++++++--
+ image_verify.cpp | 2 +-
+ image_verify.hpp | 1 +
+ utils.cpp | 29 +++++++++++++++++++++++++++++
+ utils.hpp | 15 +++++++++++++++
+ 5 files changed, 52 insertions(+), 3 deletions(-)
+ create mode 100644 utils.cpp
+ create mode 100644 utils.hpp
+
+diff --git a/Makefile.am b/Makefile.am
+index adba0e4..21b556f 100755
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -42,8 +42,12 @@ phosphor_image_updater_SOURCES = \
+ include ubi/Makefile.am.include
+
+ if WANT_SIGNATURE_VERIFY_BUILD
+-noinst_HEADERS += image_verify.hpp
+-phosphor_image_updater_SOURCES += image_verify.cpp
++noinst_HEADERS += \
++ image_verify.hpp \
++ utils.hpp
++phosphor_image_updater_SOURCES += \
++ image_verify.cpp \
++ utils.cpp
+ endif
+
+ if WANT_SYNC
+diff --git a/image_verify.cpp b/image_verify.cpp
+index 7d59910..ba6b24d 100644
+--- a/image_verify.cpp
++++ b/image_verify.cpp
+@@ -216,7 +216,7 @@ bool Signature::verifyFile(const fs::path& file, const fs::path& sigFile,
+ EVP_PKEY_assign_RSA(pKeyPtr.get(), publicRSA);
+
+ // Initializes a digest context.
+- EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_create(), ::EVP_MD_CTX_destroy);
++ EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_new(), ::EVP_MD_CTX_free);
+
+ // Adds all digest algorithms to the internal table
+ OpenSSL_add_all_digests();
+diff --git a/image_verify.hpp b/image_verify.hpp
+index cbd0e39..22ee5f9 100644
+--- a/image_verify.hpp
++++ b/image_verify.hpp
+@@ -1,4 +1,5 @@
+ #pragma once
++#include "utils.hpp"
+ #include <openssl/rsa.h>
+ #include <openssl/evp.h>
+ #include <openssl/pem.h>
+diff --git a/utils.cpp b/utils.cpp
+new file mode 100644
+index 0000000..95fc2e0
+--- /dev/null
++++ b/utils.cpp
+@@ -0,0 +1,29 @@
++#include "utils.hpp"
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <string.h>
++
++static void* OPENSSL_zalloc(size_t num)
++{
++ void* ret = OPENSSL_malloc(num);
++
++ if (ret != NULL)
++ {
++ memset(ret, 0, num);
++ }
++ return ret;
++}
++
++EVP_MD_CTX* EVP_MD_CTX_new(void)
++{
++ return (EVP_MD_CTX*)OPENSSL_zalloc(sizeof(EVP_MD_CTX));
++}
++
++void EVP_MD_CTX_free(EVP_MD_CTX* ctx)
++{
++ EVP_MD_CTX_cleanup(ctx);
++ OPENSSL_free(ctx);
++}
++
++#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
+diff --git a/utils.hpp b/utils.hpp
+new file mode 100644
+index 0000000..90569bf
+--- /dev/null
++++ b/utils.hpp
+@@ -0,0 +1,15 @@
++#pragma once
++
++// With OpenSSL 1.1.0, some functions were deprecated. Need to abstract them
++// to make the code backward compatible with older OpenSSL veresions.
++// Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <openssl/evp.h>
++
++extern "C" {
++EVP_MD_CTX* EVP_MD_CTX_new(void);
++void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
++}
++
++#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
+--
+2.7.4
+
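Review bot: In the carried patch's utils.hpp, `#if OPENSSL_VERSION_NUMBER < 0x10100000L` is evaluated before any OpenSSL header has been included, because `#include <openssl/evp.h>` sits inside the guard and both utils.cpp and image_verify.hpp include utils.hpp ahead of the OpenSSL headers. An undefined macro evaluates as 0 in `#if`, so in utils.cpp the branch is always taken, and the later version test in utils.cpp only works because of that include order; add `#include <openssl/opensslv.h>` above the `#if` so the guard tests the real version. The `EVP_MD_CTX_free` shim in utils.cpp also passes a null `ctx` straight to `EVP_MD_CTX_cleanup`, whereas the library function it stands in for treats null as a no-op; a first line `if (ctx == NULL) return;` would match that. Since this code sits on the firmware signature-verification path, the shim is worth keeping behaviourally identical to the API it replaces.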
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/fwupd@.service b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/fwupd@.service
new file mode 100644
index 000000000..d51fee312
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/fwupd@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Flash BMC with fwupd script : %I
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+ExecStart=/usr/bin/fwupd.sh file:////tmp/images/%i/image-runtime
+SyslogIdentifier=fwupd
\ No newline at end of file
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend
new file mode 100644
index 000000000..9c3c3ee37
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+EXTRA_OECONF += "--enable-fwupd_script"
+
+SYSTEMD_SERVICE_${PN}-updater += "fwupd@.service"
+
+SRC_URI_remove = "git://github.com/openbmc/phosphor-bmc-code-mgmt"
+SRC_URI += "git://git-amr-2.devtools.intel.com:29418/openbmc-phosphor-bmc-code-mgmt;protocol=ssh"
+SRCREV = "f8f76c29dbe2806a6eacd15847563cdf7f7567f4"
+
+#Currently enforcing image signature validation only for PFR images
+PACKAGECONFIG_append = "${@bb.utils.contains('IMAGE_TYPE', 'pfr', ' verify_signature', '', d)}" |
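Review bot: The `ExecStart` URL in fwupd@.service is written `file:////tmp/images/%i/image-runtime`, with four slashes where a local file URL has three; unless fwupd.sh (not visible here) relies on the extra slash, use `ExecStart=/usr/bin/fwupd.sh file:///tmp/images/%i/image-runtime`. `Description` uses the unescaped `%I` while the path uses the escaped `%i`, so an instance name containing characters that systemd escapes would yield a path that differs from the directory name. A one-line comment above `ExecStart` stating what form the instance name takes would document that assumption. The file also has no trailing newline.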
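Review bot: In phosphor-software-manager_%.bbappend, `--enable-fwupd_script` and `fwupd@.service` are enabled for every build, but the `PACKAGECONFIG_append` line adds ` verify_signature` only when `IMAGE_TYPE` contains `pfr`. On other image types the updater would therefore flash `/tmp/images/%i/image-runtime` without the signature check, unless fwupd.sh performs its own, which is not visible here. The comment should state why the check is limited and reference a tracking item, for example `# TODO(<tracker-id>): enable verify_signature for non-PFR images once they are signed`. Separately, `SRC_URI` gains only the git URL, so the added 0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch is not applied by this recipe as shown; either add `SRC_URI += "file://0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch"` or drop the file if the pinned `SRCREV` already contains that change.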