summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSamuel Mendoza-Jonas <sam@mendozajonas.com>2018-05-17 16:08:06 +1000
committerSamuel Mendoza-Jonas <sam@mendozajonas.com>2018-11-14 14:56:51 +1100
commit6a9c33fe705a479325b47e518f0eedab3239a6b4 (patch)
tree7698ef2c4ce077de9e3afe9e728649a4b87624ae
parent8ad5a5187638153aa88a579128d2b2082e861224 (diff)
downloadtalos-petitboot-6a9c33fe705a479325b47e518f0eedab3239a6b4.zip
talos-petitboot-6a9c33fe705a479325b47e518f0eedab3239a6b4.tar.gz
lib/flash: Check if the partition is signed
In more recent firmware images built by op-build the VERSION partition is signed, and includes a 'secure header'. Check for this and skip it if found so we parse the version strings properly. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
-rw-r--r--lib/flash/flash.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/flash/flash.c b/lib/flash/flash.c
index b7e5b88..3505cb4 100644
--- a/lib/flash/flash.c
+++ b/lib/flash/flash.c
@@ -31,6 +31,8 @@
#include <libflash/file.h>
#include <libflash/ecc.h>
+#define SECURE_BOOT_HEADERS_SIZE 4096
+#define ROM_MAGIC_NUMBER 0x17082011
struct flash_info {
/* Device information */
@@ -148,6 +150,16 @@ out:
return NULL;
}
+/* See stb_is_container() in Skiboot */
+static bool is_signed(char *buffer, uint32_t len)
+{
+ if (!buffer || len <= SECURE_BOOT_HEADERS_SIZE)
+ return false;
+ if (be32_to_cpu(*(uint32_t *)buffer) != ROM_MAGIC_NUMBER)
+ return false;
+ return true;
+}
+
int flash_parse_version(void *ctx, char ***versions, bool current)
{
char *saveptr, *tok, **tmp, *buffer;
@@ -182,6 +194,10 @@ int flash_parse_version(void *ctx, char ***versions, bool current)
goto out;
}
+ /* Check if this partition is signed */
+ if (is_signed(buffer, len))
+ buffer += SECURE_BOOT_HEADERS_SIZE;
+
/* open-power-platform */
tok = strtok_r(buffer, delim, &saveptr);
if (tok) {
OpenPOWER on IntegriCloud