def _validate_sign(self, dp_file, rootcerthash=None, sign_id=None):
    """Run SecImage signature validation on signed debugpolicy elf file(s).

    :param dp_file: indexable collection of signed debugpolicy elf paths.
        With ``sign_id`` unset and more than one entry, entry ``i`` is
        validated against the ``i``-th supported sign_id; in every other
        case only ``dp_file[0]`` is used.
    :param rootcerthash: forwarded unchanged to ``isc.process`` as
        ``root_cert_hash``.
    :param sign_id: single sign_id to validate against; ``None`` means the
        sign_ids listed by the SecImage config are used.
    :raises RuntimeError: if ``sign_id`` is given but is not one of the
        supported sign_ids.
    """
    # NOTE(review): no status is read back after process() in this method,
    # whereas sign() in this file checks status.sign.state and raises.
    # Confirm that a failed validation is surfaced some other way (an
    # exception from process() or a check in the caller); otherwise this
    # method returns normally even when the signature does not verify.
    # NOTE(review): presumably rootcerthash=None means no root certificate
    # hash comparison is made - confirm callers that need pinning pass one.
    core = SecImageCore(debug=self.debug)
    core.config_path = self.secimage_config
    if self.authority is not None:
        core.authority = self.authority

    # sign_ids supported by the configured SecImage config.
    supported_ids = core._img_config_parser.sign_id_list

    def _validate_one(file_index, current_id):
        # Validate dp_file[file_index] against current_id, then keep the
        # SecImage log under a per-sign_id name.
        logger.info('\nValidating debugpolicy signed file against ' +
                    current_id + ' signature..')
        image_path = dp_file[file_index]
        core.set_image_path(image_path, current_id)
        core.output_dir = os.path.dirname(image_path)
        core.image_info_list[0].dest_image.image_dir_ext = ''
        core.process(val_sign=True, root_cert_hash=rootcerthash)
        # NOTE(review): the log is looked up under self.output_dir while
        # core.output_dir is the image's own directory - confirm they match.
        default_log = c_path.join(self.output_dir, 'SecImage_log.txt')
        if os.path.isfile(default_log):
            shutil.move(
                default_log,
                c_path.join(self.output_dir,
                            ('val_' + current_id + '_secimage_log.txt')))

    if sign_id is not None:
        # Explicit sign_id: reject anything the config does not list.
        if sign_id not in supported_ids:
            raise RuntimeError('Received sign_id "' + sign_id + '" as input.'
                               + '\n' " Supported sign_id's are: "
                               + str(supported_ids))
        _validate_one(0, sign_id)
        return

    if len(dp_file) > 1:
        # Files and sign_ids are paired purely by position.
        # NOTE(review): assumes dp_file is ordered like the config's sign_id
        # list; more files than sign_ids raises IndexError - verify caller.
        for file_index in range(len(dp_file)):
            _validate_one(file_index, supported_ids[file_index])
    else:
        # One file: validate it against every supported sign_id in turn.
        for current_id in supported_ids:
            _validate_one(0, current_id)
def main(args, return_isc=False):
    """Drive one SecImage run from already-parsed command line arguments.

    Attaches a file logger, logs the launch command, configures a
    SecImageCore from ``args`` and calls its ``process`` method. The file
    logger is removed again on the way out, whether or not processing
    raised.

    :param args: parsed options object; the attributes read here are the
        ones referenced in the body (``output_dir``, ``image_file``,
        ``meta_build``, ``sign_id``, ``validate``, ``rch``, ...).
    :param return_isc: when true, return the SecImageCore instance instead
        of its ``image_info_list``.
    :returns: the SecImageCore instance or its ``image_info_list``.
    """
    log_handles = logger.log_to_file(SECIMAGE_TOOL_NAME, args.output_dir)
    try:
        # The launch command goes to the log only after
        # CoreOptionParser.mask_private_args has processed sys.argv.
        # NOTE(review): presumably this redacts secret-bearing options -
        # confirm every such option is covered, since the result is logged.
        launch_cmd = ' '.join(CoreOptionParser.mask_private_args(
            sys.argv, args._c_spec_override_prefix))
        logger.info('\n\n SecImage launched as: "' + launch_cmd + '"\n')

        core = SecImageCore(debug=args.debug)

        # Chipset / config path is applied for a single image file, or for
        # a meta build where meta_supports_sign_id() returns false.
        if args.image_file or (
                args.meta_build and
                not SecImageCore.meta_supports_sign_id(args.meta_build)):
            if args.chipset:
                core.set_chipset(args.chipset, args._c_overrides,
                                 args._c_spec_overrides)
            elif args.config_path:
                core.set_config_path(args.config_path, args._c_overrides,
                                     args._c_spec_overrides)

        # Input: an image file takes precedence over a meta build.
        if args.image_file:
            core.set_image_path(args.image_file, args.sign_id)
        elif args.meta_build:
            meta_sign_ids = [] if args.sign_id is None else [args.sign_id]
            core.set_meta_build_path(args.meta_build, meta_sign_ids)

        # Output: a mini build path takes precedence over an output dir.
        if args.mini_build:
            core.mini_build_path = args.mini_build
        elif args.output_dir:
            core.output_dir = args.output_dir

        if args.qc_signing:
            core.authority = AUTHORITY_QC

        # All four val_* switches are driven by the single validate option.
        validate = args.validate
        core.process(verify_setup=args.verify_inputs,
                     integrity_check=args.integrity_check,
                     sign=args.sign,
                     encrypt=args.encrypt,
                     decrypt=args.decrypt,
                     val_image=validate,
                     val_integrity_check=validate,
                     val_sign=validate,
                     val_encrypt=validate,
                     root_cert_hash=args.rch)

        print_summary(args, core.image_info_list)

        return core if return_isc else core.image_info_list
    finally:
        # Detach the file log handlers added at the top.
        logger.removeFileLogger(log_handles)
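def sign(self, dp_file, sign_id=None):
    """Sign the given debugpolicy elf file with SecImage.

    The last entry of ``self.input_file_list`` is dropped (best effort),
    then the file is signed once per sign_id and the path of each signed
    image is appended to ``self.input_file_list``.

    :param dp_file: path of the debugpolicy elf file to sign.
    :param sign_id: single sign_id to sign for; ``None`` signs for every
        sign_id listed by the SecImage config.
    :raises RuntimeError: if ``sign_id`` is given but not supported, or if
        SecImage does not report the sign step as successful.
    """
    # Best-effort removal of the previous entry. Only the "nothing to pop"
    # cases are ignored; the former bare ``except`` also swallowed
    # KeyboardInterrupt and SystemExit.
    try:
        self.input_file_list.pop()
    except (AttributeError, IndexError):
        pass

    # Initialize SecImageCore
    isc = SecImageCore(debug=self.debug)
    isc.config_path = self.secimage_config
    if self.authority is not None:
        isc.authority = self.authority

    # sign_ids supported by the configured SecImage config.
    sign_id_list = isc._img_config_parser.sign_id_list

    def _sign_with(current_id):
        # Sign dp_file for current_id, record the output and keep the log.
        isc.set_image_path(dp_file, current_id)
        isc.output_dir = os.path.dirname(dp_file)
        isc.image_info_list[0].dest_image.image_dir_ext = ''
        isc.process(sign=True)

        # Fail closed: anything other than SUCCESS aborts before the image
        # is recorded as a signed output.
        image_info = isc.image_info_list[0]
        sign_status = image_info.status.sign
        if sign_status.state != sign_status.SUCCESS:
            raise RuntimeError('Failed to sign the debugpolicy elf file: ' +
                               image_info.image_under_operation)
        logger.info('Signed debugpolicy elf file at: ' +
                    image_info.image_under_operation)
        self.input_file_list.append(image_info.image_under_operation)

        # NOTE(review): the log is looked up under self.output_dir while
        # isc.output_dir is dp_file's directory - confirm they match.
        default_log = c_path.join(self.output_dir, 'SecImage_log.txt')
        if os.path.isfile(default_log):
            shutil.move(
                default_log,
                c_path.join(self.output_dir,
                            (current_id + '_secimage_log.txt')))

    if sign_id is None:
        # Sign for every supported sign_id. A failure on a later sign_id
        # raises after earlier outputs were already appended to
        # self.input_file_list.
        for current_id in sign_id_list:
            _sign_with(current_id)
    else:
        # Explicit sign_id: reject anything the config does not list.
        if sign_id not in sign_id_list:
            raise RuntimeError('Received sign_id "' + sign_id + '" as input.'
                               + '\n' " Supported sign_id's are: "
                               + str(sign_id_list))
        _sign_with(sign_id)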