Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update image-builder to output a hashes file. #1884

Merged
merged 1 commit into from
Jan 14, 2025
Merged

Update image-builder to output a hashes file. #1884

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions builder/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,11 @@ caliptra-image-types.workspace = true
clap.workspace = true
elf.workspace = true
hex.workspace = true
memoffset.workspace = true
nix.workspace = true
once_cell.workspace = true
serde_json.workspace = true
sha2.workspace = true
zerocopy.workspace = true

[features]
Expand Down
31 changes: 30 additions & 1 deletion builder/bin/image_gen.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,12 @@
use caliptra_builder::firmware;
use caliptra_builder::version;
use caliptra_builder::ImageOptions;
use caliptra_image_types::ImageHeader;
use caliptra_image_types::ImageManifest;
use clap::{arg, value_parser, Command};
use memoffset::{offset_of, span_of};
use serde_json::{json, to_string_pretty};
use sha2::{Digest, Sha384};
use std::collections::HashSet;
use std::path::PathBuf;

Expand Down Expand Up @@ -33,6 +38,10 @@ fn main() {
)
.arg(arg!(--"fake-rom" [FILE] "Fake ROM").value_parser(value_parser!(PathBuf)))
.arg(arg!(--"fake-fw" [FILE] "Fake FW bundle image").value_parser(value_parser!(PathBuf)))
.arg(
arg!(--"hashes" [FILE] "File path for output JSON file containing image bundle header hashes for external signing tools")
.value_parser(value_parser!(PathBuf)),
)
.get_matches();

if let Some(path) = args.get_one::<PathBuf>("rom-no-log") {
Expand Down Expand Up @@ -75,7 +84,27 @@ fn main() {
},
)
.unwrap();
std::fs::write(path, image.to_bytes().unwrap()).unwrap();

let contents = image.to_bytes().unwrap();
std::fs::write(path, contents.clone()).unwrap();

if let Some(path) = args.get_one::<PathBuf>("hashes") {
let header_range = span_of!(ImageManifest, header);

// Get the vendor digest which is taken from a subset of the header
let vendor_header_len = offset_of!(ImageHeader, owner_data);
let vendor_range = header_range.start..header_range.start + vendor_header_len;
let vendor_digest = Sha384::digest(&contents[vendor_range]);

// Get the owner digest which is the full header
let owner_digest = Sha384::digest(&contents[header_range]);

let json = json!({
"vendor": format!("{vendor_digest:02x}"),
"owner": format!("{owner_digest:02x}"),
});
std::fs::write(path, to_string_pretty(&json).unwrap()).unwrap();
}
}

if let Some(path) = args.get_one::<PathBuf>("fake-fw") {
Expand Down
Loading