gaoyang3513/SDK_RK3288
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[system/core] secure boot: add SHA256 support for boot,recovery image

Browse Source 
Signed-off-by: Firefly <service@t-firefly.com>
This commit is contained in:
Firefly
2016-01-14 10:09:45 +08:00
committed by cjp
parent f539da16fe
commit 90509a487d
3 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
system/core/mkbootimg/Android.mk
View File

@ -13,7 +13,6 @@ LOCAL_CFLAGS := -DTARGET_ROCKCHIP_RECOVERY=true
else
LOCAL_CFLAGS := -DTARGET_ROCKCHIP_RECOVERY=false
endif
include $(BUILD_HOST_EXECUTABLE)
$(call dist-for-goals,dist_files,$(LOCAL_BUILT_MODULE))

4
system/core/mkbootimg/bootimg.h
View File

@ -49,6 +49,10 @@ struct boot_img_hdr
unsigned id[8]; /* timestamp / checksum / sha1 / etc */
unsigned unused2[3]; /* future expansion: should be 0 */
unsigned sha_ext_flag; /* sha 256 or sha 512*/
unsigned sha_ext[16]; /* sha 256 or sha 512*/
/* Supplemental command line data; kept here to maintain
* binary compatibility with older versions of mkbootimg */
unsigned char extra_cmdline[BOOT_EXTRA_ARGS_SIZE];

21
system/core/mkbootimg/mkbootimg.c
View File

@ -23,6 +23,7 @@
#include <errno.h>
#include "mincrypt/sha.h"
#include "mincrypt/sha256.h"
#include "bootimg.h"
static void *load_file(const char *fn, unsigned *_sz)
@ -112,6 +113,7 @@ int main(int argc, char **argv)
#endif
int fd;
SHA_CTX ctx;
SHA256_CTX ctx256;
const uint8_t* sha;
unsigned base = 0x10000000;
unsigned kernel_offset = 0x00008000;
@ -264,6 +266,25 @@ int main(int argc, char **argv)
memcpy(hdr.id, sha,
SHA_DIGEST_SIZE > sizeof(hdr.id) ? sizeof(hdr.id) : SHA_DIGEST_SIZE);
hdr.sha_ext_flag = 256;
SHA256_init(&ctx256);
SHA256_update(&ctx256, kernel_data, hdr.kernel_size);
SHA256_update(&ctx256, &hdr.kernel_size, sizeof(hdr.kernel_size));
SHA256_update(&ctx256, ramdisk_data, hdr.ramdisk_size);
SHA256_update(&ctx256, &hdr.ramdisk_size, sizeof(hdr.ramdisk_size));
SHA256_update(&ctx256, second_data, hdr.second_size);
SHA256_update(&ctx256, &hdr.second_size, sizeof(hdr.second_size));
#if TARGET_ROCKCHIP_RECOVERY == true
SHA256_update(&ctx256, &hdr.tags_addr, sizeof(hdr.tags_addr));
SHA256_update(&ctx256, &hdr.page_size, sizeof(hdr.page_size));
SHA256_update(&ctx256, &hdr.unused, sizeof(hdr.unused));
SHA256_update(&ctx256, &hdr.name, sizeof(hdr.name));
SHA256_update(&ctx256, &hdr.cmdline, sizeof(hdr.cmdline));
#endif
sha = SHA256_final(&ctx256);
memcpy(hdr.sha_ext, sha,
SHA256_DIGEST_SIZE > sizeof(hdr.sha_ext) ? sizeof(hdr.sha_ext) : SHA256_DIGEST_SIZE);
fd = open(bootimg, O_CREAT | O_TRUNC | O_WRONLY, 0644);
if(fd < 0) {
fprintf(stderr,"error: could not create '%s'\n", bootimg);