def validate(self):
    """Normalize and validate the data parsed from the XML.

    Runs the ``_BaseParseGen`` validation first, then the ``CoreConfig``
    validation against ``OBJ_STRUCTURE``.

    :raises: RuntimeError if config is determined to be invalid
    """
    # Base-class pass first; the structural check below runs only if it
    # returns without raising.
    _BaseParseGen.validate(self)

    CoreConfig.validate(self, OBJ_STRUCTURE)
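def generate(self, file_path=None):
    """Generate the config file from the current configuration of the root node.

    :param str file_path: path to the config file that should be generated
        with the current data. Passed to ``CoreConfig.generate`` unchanged;
        what a ``None`` path means is decided there.
    """
    logger.note('Generating config file...')
    CoreConfig.generate(self, file_path, defines.XML_ROOTNODE,
                        defines.XML_NAMESPACE, defines.XML_PREPEND_LINES)
    # file_path defaults to None, and str + None raises TypeError. format()
    # keeps the log line from failing after CoreConfig.generate has returned.
    logger.note('Generated config file at: {0}'.format(file_path))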
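def set_config_vals(self, args):
    """Copy the mbngen settings selected by ``args.config_tag_name`` into ``self.parsed_args``.

    The configuration is read from ``args.config_file`` when given, otherwise
    from ``defines.MBNGEN_CONFIG_FILE``. The first entry whose ``tag_name``
    equals ``args.config_tag_name`` supplies ``image_id``, ``header_version``,
    ``image_src``, ``image_dest_ptr`` and ``header_length``.

    :param args: parsed arguments; reads ``config_tag_name`` and ``config_file``
    :raises RuntimeError: if the matching entry's header length is not 40 or
        80, or if no entry carries the requested tag name
    """
    # args have already been verified, so no need to check if the 5 config options
    # were passed or not
    # NOTE(review): the listing's indentation was lost; this assumes the
    # "tag not found" error belongs to the tag-name branch -- confirm.
    if args.config_tag_name is None:
        return

    if args.config_file is not None:
        conf_file_name = args.config_file
    else:
        conf_file_name = defines.MBNGEN_CONFIG_FILE

    config = CoreConfig(auto_gen_xml_config, conf_file_name)
    for conf in config.root.mbngen_conf.conf:
        if conf.tag_name != args.config_tag_name:
            continue

        # Validate before copying: a rejected entry must not leave its values
        # behind in parsed_args for a caller that catches the RuntimeError.
        if conf.header_length not in (40, 80):
            raise RuntimeError(
                "{0} is not a valid mbn header length".format(
                    conf.header_length))

        self.parsed_args.image_id = conf.image_id
        self.parsed_args.header_version = conf.header_version
        self.parsed_args.image_src = conf.image_src
        self.parsed_args.image_dest_ptr = conf.image_dest_ptr
        self.parsed_args.header_length = conf.header_length
        return

    raise RuntimeError(
        "tag: {0} was not found in the mbngen configuration file".
        format(args.config_tag_name))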
def _decode_encryption_parameters_blob(self, encryption_params_blob, private_key):
    """Unwrap the image encryption key (IEK) and read the image IV from a blob.

    Element 1 of what ``extract_encryption_parameters`` returns is written to
    a temporary file and parsed with ``CoreConfig``. Only the first
    ``MD_SIGN`` entry and its first ``IEK_ENC_INFO`` / ``IMG_ENC_INFO``
    entries are read.

    :param encryption_params_blob: blob handed to ``extract_encryption_parameters``
    :param private_key: key that unwraps the IEK; an RSA private key when
        ``self.iek_enc_algo`` is ``IEK_ENC_ALGO_RSA_2048``, otherwise it is
        used as the AES-CBC key
    :returns: tuple ``(image_encryption_key, image_encryption_iv)``
    """
    params_payload = self.extract_encryption_parameters(encryption_params_blob)[1]

    # NOTE(review): this method never removes the temporary file, which holds
    # the wrapped IEK and both IVs. Confirm that store_data_to_temp_file or
    # the caller cleans it up and that it is created owner-readable only.
    params_path = c_path.store_data_to_temp_file(params_payload)
    md_sign = CoreConfig(auto_gen_ssd_xml_config, params_path).root.MD_SIGN[0]
    iek_info = md_sign.IEK_ENC_INFO[0]

    wrapped_iek = binascii.a2b_base64(iek_info.IEK_CIPHER_VALUE)

    if self.iek_enc_algo == IEK_ENC_ALGO_RSA_2048:
        # NOTE(review): RSA_PAD_PKCS presumably selects PKCS#1 v1.5. Failures
        # from this unwrap should not be distinguishable to whoever supplies
        # the blob (padding-oracle exposure); confirm how callers report them.
        pem_key = crypto.rsa.get_key_in_format(private_key,
                                               crypto.utils.FORMAT_PEM)
        image_encryption_key = crypto.rsa.decrypt(
            wrapped_iek, pem_key, padding=crypto.rsa.RSA_PAD_PKCS)
    else:
        # Symmetric wrap: private_key is the AES key here, and both key and
        # IV are passed hex-encoded.
        # NOTE(review): nothing in this method authenticates the blob before
        # the CBC decryption; confirm its signature is checked upstream.
        iek_iv_hex = binascii.hexlify(binascii.a2b_base64(iek_info.IEK_ENC_IV))
        wrapping_key_hex = binascii.hexlify(private_key)
        image_encryption_key = crypto.aes_cbc.decrypt(
            wrapped_iek, wrapping_key_hex, iek_iv_hex)

    # The image IV is stored in the clear; it only needs base64 decoding.
    image_encryption_iv = binascii.a2b_base64(
        md_sign.IMG_ENC_INFO[0].IMG_ENC_IV)
    return image_encryption_key, image_encryption_iv
def _decode_encryption_parameters_blob(self, encryption_params_blob, private_key):
    """Recover the image encryption key (IEK) and image IV from a parameters blob.

    Element 1 of the ``extract_encryption_parameters`` result is stored in a
    temporary file and parsed through ``CoreConfig``. The first ``MD_SIGN``
    entry supplies every value that is read.

    :param encryption_params_blob: blob handed to ``extract_encryption_parameters``
    :param private_key: key that unwraps the IEK; passed to
        ``decrypt_with_private_der_key`` when ``self.iek_enc_algo`` is
        ``IEK_ENC_ALGO_RSA_2048``, otherwise hex-encoded and used as the CBC key
    :returns: tuple ``(image_encryption_key, image_encryption_iv)``
    """
    xml_payload = self.extract_encryption_parameters(encryption_params_blob)[1]

    # NOTE(review): the temporary file is not deleted here and contains the
    # wrapped IEK plus both IVs. Confirm who removes it and which
    # permissions store_data_to_temp_file applies.
    xml_path = utility_functions.store_data_to_temp_file(xml_payload)
    first_md_sign = CoreConfig(auto_gen_ssd_xml_config, xml_path).root.MD_SIGN[0]
    iek_section = first_md_sign.IEK_ENC_INFO[0]

    wrapped_iek = binascii.a2b_base64(iek_section.IEK_CIPHER_VALUE)

    if self.iek_enc_algo != IEK_ENC_ALGO_RSA_2048:
        # Symmetric wrap: key and IV are both handed over hex-encoded.
        # NOTE(review): no integrity check on the blob is visible in this
        # method; confirm it is verified before CBC decryption is attempted.
        iv_hex = binascii.hexlify(binascii.a2b_base64(iek_section.IEK_ENC_IV))
        key_hex = binascii.hexlify(private_key)
        image_encryption_key = crypto_functions.cbc_decrypt_binary(
            wrapped_iek, key_hex, iv_hex)
    else:
        # NOTE(review): the RSA padding scheme is chosen inside
        # decrypt_with_private_der_key and is not visible here. If it is
        # PKCS#1 v1.5, decrypt failures must not be distinguishable to
        # whoever supplies the blob -- confirm.
        image_encryption_key = crypto_functions.decrypt_with_private_der_key(
            wrapped_iek, private_key)

    # The image IV needs base64 decoding only.
    image_encryption_iv = binascii.a2b_base64(
        first_md_sign.IMG_ENC_INFO[0].IMG_ENC_IV)
    return image_encryption_key, image_encryption_iv
def get_supported_build_policies(policy_file):
    """Return the ids of the build policies listed in *policy_file*.

    :param policy_file: path of the policy XML parsed with ``policy_parser``
    :returns: list with the ``id`` of every entry under
        ``build_policy.policy_enable``, in file order
    """
    logger.debug("Getting supported build policies...")
    policy_root = CoreConfig(policy_parser, policy_file).root
    # One id per supported build policy.
    return [entry.id for entry in policy_root.build_policy.policy_enable]
def get_supported_secimage_policies(policy_file):
    """Return the ids of the secimage policies listed in *policy_file*.

    :param policy_file: path of the policy XML parsed with ``policy_parser``
    :returns: list with the ``id`` of every entry under
        ``sec_image_policy.policy``, in file order
    """
    logger.debug("Getting supported secimage policies...")
    policy_root = CoreConfig(policy_parser, policy_file).root
    # One id per supported secimage policy.
    return [entry.id for entry in policy_root.sec_image_policy.policy]
def __init__(self, policy_file, env=None):
    """Parse the policy file and resolve the enabled policies.

    :param policy_file: path of the policy XML parsed with ``policy_parser``
    :param env: build environment; stored on the instance and passed to
        ``BuilderUtil``
    """
    self.env = env
    policy_root = CoreConfig(policy_parser, policy_file).root
    self.policy = policy_root
    self.builderutil = BuilderUtil(env)

    # The secimage and install lookups are both keyed on the enabled build
    # policy, so it has to be resolved first.
    self.enabled_build_policy = self._get_enabled_build_policy()
    self.enabled_sec_image_policies = \
        self._get_enabled_sec_image_policies(self.enabled_build_policy)
    self.enabled_install_policies = \
        self._get_enabled_install_policy(self.enabled_build_policy)
def __init__(self, policy_file, build_policy_id, sign_id, install_base_dir,
             additional_secimage_policy_ids):
    """Resolve the build policy and its secimage and install policies.

    :param policy_file: path of the policy XML parsed with ``policy_parser``
    :param build_policy_id: selects the build policy; compared with each
        policy's ``id``, its lower-cased ``feature_flag`` and
        ``"sec_policy_" + id``
    :param sign_id: passed to ``_remove_policies_for_excluded_sign_ids`` to
        drop secimage policies that exclude it
    :param install_base_dir: stored on the instance; when truthy, install
        locations are set for the secimage policies
    :param additional_secimage_policy_ids: extra secimage policy ids to add
        to those of the build policy; may be empty
    :raises RuntimeError: if no supported build policy matches
        ``build_policy_id``
    """
    policy_root = CoreConfig(policy_parser, policy_file).root
    self.install_base_dir = install_base_dir

    # get all the supported build policies
    enabled_policies = policy_root.build_policy.policy_enable

    # Every id is collected for the error message, so the loop never breaks:
    # if several policies match build_policy_id, the last one in the file is
    # the one that is kept.
    self.policy = None
    known_policy_ids = []
    for candidate in enabled_policies:
        known_policy_ids.append(candidate.id)
        is_match = (candidate.id == build_policy_id
                    or candidate.feature_flag.lower() == build_policy_id
                    or "sec_policy_" + candidate.id == build_policy_id)
        if is_match:
            self.policy = candidate

    if self.policy is None:
        # the provided build_policy_id is not one of the ids specified in the
        # sectools_policy.xml file
        error_message = "Provided build_policy_id \"{0}\" does not match one of the supported build policy ids: {1}".format(
            build_policy_id, ", ".join(known_policy_ids))
        logger.error(error_message)
        raise RuntimeError(error_message)

    # secimage policies named by the selected build policy
    logger.debug("Getting secimage policies for \"{0}\" build policy...".format(build_policy_id))
    self.sec_image_policies, self.sec_image_policy_ids = BuildPolicy._get_policies(
        policy_root.sec_image_policy.policy,
        self.policy.sec_image_policy)
    logger.debug("Secimage policies retrieved for \"{0}\" build policy: {1}".format(
        build_policy_id, ", ".join(self.sec_image_policy_ids)))

    # secimage policies requested through additional_secimage_policy_ids
    if additional_secimage_policy_ids:
        logger.debug("Adding additional secimage policies specified in the environment to the build policy...")
        additional_secimage_policies, additional_secimage_policy_ids = BuildPolicy._get_policies(
            policy_root.sec_image_policy.policy,
            additional_secimage_policy_ids,
            self.sec_image_policy_ids)
        # _get_policies returned a new id list; extend the existing lists
        # only if that list is non-empty
        if additional_secimage_policy_ids:
            logger.debug("Additional secimage policies added to \"{0}\" build policy: {1}".format(
                build_policy_id, ", ".join(additional_secimage_policy_ids)))
            self.sec_image_policies += additional_secimage_policies
            self.sec_image_policy_ids += additional_secimage_policy_ids

    # filter out sec image policies that specify an excluded sign_id that
    # matches the provided sign_id
    BuildPolicy._remove_policies_for_excluded_sign_ids(
        self.sec_image_policies, self.sec_image_policy_ids, sign_id)

    # install policies named by the selected build policy
    logger.debug("Getting install policies for \"{0}\" build policy...".format(build_policy_id))
    self.install_policies, self.install_policy_ids = BuildPolicy._get_policies(
        policy_root.install_policy.policy,
        self.policy.install_policy)
    logger.debug("Install policies retrieved for \"{0}\" build policy: {1}".format(
        build_policy_id, ", ".join(self.install_policy_ids)))

    # install locations are only initialized when installation is requested
    if self.install_base_dir:
        BuildPolicy._set_install_locations_for_sec_image_policies(
            self.install_policies, self.sec_image_policies, self.install_base_dir)
def update_from_data_model(self, data_model):
    """Update this config from *data_model* and return the transfer result.

    Delegates to ``CoreConfig.transfer``, passing ``data_model`` and
    ``self.root`` in that order (presumably source, then destination --
    confirm against ``CoreConfig.transfer``).

    :param data_model: data model object handed to ``CoreConfig.transfer``
    :returns: whatever ``CoreConfig.transfer`` returns
    """
    transfer_result = CoreConfig.transfer(
        self,
        data_model,
        self.root,
        dm_defines.OBJ_STRUCTURE,
        dm_defines.ROOTNODE_NAME,
        self.config_module,
        defines.XML_CLASSNAME_GEN,
    )
    return transfer_result
def update_data_model(self, data_model):
    """Update *data_model* from this config and return the transfer result.

    Delegates to ``CoreConfig.transfer``, passing ``self.root`` and
    ``data_model`` in that order (presumably source, then destination --
    confirm against ``CoreConfig.transfer``).

    :param data_model: data model object handed to ``CoreConfig.transfer``
    :returns: whatever ``CoreConfig.transfer`` returns
    """
    transfer_result = CoreConfig.transfer(
        self,
        self.root,
        data_model,
        dm_defines.OBJ_STRUCTURE,
        dm_defines.ROOTNODE_NAME,
        auto_gen_model,
        dm_defines.OBJ_CLASSNAME_GEN,
    )
    return transfer_result
def __init__(self, config_path):
    """Load the config at *config_path* and validate it.

    :param config_path: path handed to ``CoreConfig.__init__``
    """
    # Imported inside the method, as in the original; the module is also kept
    # on the instance as config_module.
    import auto_gen_fb_config as fb_config_module

    self.config_module = fb_config_module
    CoreConfig.__init__(self, fb_config_module, config_path)
    self.validate()