You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by cc...@apache.org on 2019/07/03 20:14:43 UTC
[mynewt-artifact] 02/02: mfg: Verify embedded images separately
This is an automated email from the ASF dual-hosted git repository.
ccollins pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-artifact.git
commit a86ed83af5bab0eeea204b1d02f052b4ddfeef10
Author: Christopher Collins <cc...@apache.org>
AuthorDate: Mon Jul 1 14:29:42 2019 -0700
mfg: Verify embedded images separately
Prior to this commit, the `"mfg".Mfg.VerifyManifest()` function
attempted to verify all of an mfg's embedded images. This resulted in a
clunky and unfriendly API:
* The caller was required to pass in a set of public signing keys and
private encryption keys.
* There was no way to verify the manifest without also checking the
embedded images. E.g., if the caller doesn't have access to encryption
keys, this function would fail even if the mfgimage is correct.
Now `VerifyManifest()` does not verify the embedded images. To verify
the embedded images, the caller should call `"mfg".Mfg.ExtractImages()`
and call the image verification functions on each image separately.
---
mfg/mfg.go | 41 +++++++++++++++++++++++++++++++++++++++++
mfg/verify.go | 42 +++++++-----------------------------------
2 files changed, 48 insertions(+), 35 deletions(-)
diff --git a/mfg/mfg.go b/mfg/mfg.go
index 2667003..b46fd4f 100644
--- a/mfg/mfg.go
+++ b/mfg/mfg.go
@@ -24,6 +24,8 @@ import (
"github.com/apache/mynewt-artifact/errors"
"github.com/apache/mynewt-artifact/flash"
+ "github.com/apache/mynewt-artifact/image"
+ "github.com/apache/mynewt-artifact/manifest"
)
const MFG_BIN_IMG_FILENAME = "mfgimg.bin"
@@ -210,3 +212,42 @@ func (m *Mfg) Tlvs() []MetaTlv {
return m.Meta.Tlvs
}
}
+
+func (m *Mfg) extractImage(area flash.FlashArea, eraseVal byte) (image.Image, error) {
+ bin, err := m.ExtractFlashArea(area, eraseVal)
+ if err != nil {
+ return image.Image{}, err
+ }
+
+ img, err := image.ParseImage(bin)
+ if err != nil {
+ return image.Image{}, errors.Wrapf(err,
+ "failed to extract image from mfgimage; area=\"%s\"", area.Name)
+ }
+
+ return img, nil
+}
+
+// Constructs the set of images embedded in an mfgimage.
+func (m *Mfg) ExtractImages(man manifest.MfgManifest) ([]image.Image, error) {
+ var imgs []image.Image
+ for _, t := range man.Targets {
+ fa := man.FindFlashAreaDevOff(man.Device, t.Offset)
+ if fa == nil {
+ return nil, errors.Errorf(
+ "no flash area in mfgimage corresponding to target \"%s\"",
+ t.Name)
+ }
+
+ if !t.IsBoot() {
+ img, err := m.extractImage(*fa, man.EraseVal)
+ if err != nil {
+ return nil, err
+ }
+
+ imgs = append(imgs, img)
+ }
+ }
+
+ return imgs, nil
+}
diff --git a/mfg/verify.go b/mfg/verify.go
index cff0a79..5d660d1 100644
--- a/mfg/verify.go
+++ b/mfg/verify.go
@@ -25,7 +25,6 @@ import (
"github.com/apache/mynewt-artifact/errors"
"github.com/apache/mynewt-artifact/flash"
- "github.com/apache/mynewt-artifact/image"
"github.com/apache/mynewt-artifact/manifest"
"github.com/apache/mynewt-artifact/sec"
)
@@ -123,37 +122,6 @@ func (m *Mfg) validateManMmrs(man manifest.MfgManifest) error {
return nil
}
-func (m *Mfg) validateManTargets(man manifest.MfgManifest) error {
- for _, t := range man.Targets {
- fa := man.FindFlashAreaDevOff(man.Device, t.Offset)
- if fa == nil {
- return errors.Errorf(
- "no flash area in mfgimage corresponding to target \"%s\"",
- t.Name)
- }
-
- data, err := m.ExtractFlashArea(*fa, man.EraseVal)
- if err != nil {
- return err
- }
-
- if !t.IsBoot() {
- img, err := image.ParseImage(data)
- if err != nil {
- return errors.Wrapf(err,
- "error parsing build \"%s\" embedded in mfgimage", t.Name)
- }
-
- if err := img.VerifyStructure(); err != nil {
- return errors.Wrapf(err,
- "mfgimage contains invalid build \"%s\"", t.Name)
- }
- }
- }
-
- return nil
-}
-
// VerifyStructure checks an mfgimage's structure and internal consistency. It
// returns an error if the mfgimage is incorrect.
func (m *Mfg) VerifyStructure(eraseVal byte) error {
@@ -213,9 +181,13 @@ func (m *Mfg) VerifyManifest(man manifest.MfgManifest) error {
return err
}
- // Verify each embedded build.
- if err := m.validateManTargets(man); err != nil {
- return err
+ // Make sure each target is fully present.
+ for _, t := range man.Targets {
+ if man.FindFlashAreaDevOff(man.Device, t.Offset) == nil {
+ return errors.Errorf(
+ "no flash area in mfgimage corresponding to target \"%s\"",
+ t.Name)
+ }
}
return nil