def bind(cls, config):
if len(config.valid_serial_numbers) == 1:
config.general_properties.use_serial_number_in_signing = 1
config.general_properties.serial_number = config.valid_serial_numbers[0]
config.general_properties.multi_serial_numbers = \
complex_multi_serial_numbers([])
super(SingleSerialBound, cls).bind(config)
def c_update_overrides(self):
# Update override options
for tag, override in self.overrides.root.children.items():
if not override.is_simple and tag != MULTI_SERIAL_NUMBERS_TAG:
continue
value_to_set = getattr(self.parsed_args,
self.override_prefix + tag)
if value_to_set is not None:
try:
if tag == MULTI_SERIAL_NUMBERS_TAG:
override.value = complex_multi_serial_numbers(
value_to_set.split())
else:
override.set_string_value(value_to_set)
except RuntimeError as e:
raise RuntimeError(tag + ' ' + str(e))
# Update special overrides
for tag, override in self.spec_overrides.root.children.items():
value_to_set = getattr(self.parsed_args,
self.spec_override_prefix + tag)
if value_to_set is not None:
try:
override.set_string_value(value_to_set)
except RuntimeError as e:
raise RuntimeError(tag + ' ' + str(e))
def decorated(cls, config):
if len(config.valid_serial_numbers) > 1:
debug = int(config.general_properties.debug, 16)
if unconditional:
# Debug enabled unconditionally, bound to one or more serial numbers
debug = cls.debug_enablement_value
config.general_properties.debug = "0x%016X" % debug
if debug == cls.debug_enablement_value:
config.general_properties.multi_serial_numbers = \
complex_multi_serial_numbers(config.valid_serial_numbers)
func(cls, config)
def decorated(cls, config):
if len(config.valid_serial_numbers) == 1:
debug = int(config.general_properties.debug, 16)
if unconditional:
# Debug enabled unconditionally, bound to one serial number
debug = cls.debug_enablement_value
if debug == cls.debug_enablement_value:
debug |= int(config.valid_serial_numbers[0], 16) << 32
config.general_properties.debug = "0x%016X" % debug
config.general_properties.multi_serial_numbers = \
complex_multi_serial_numbers([])
func(cls, config)
def bind(cls, config):
""" Update signing attributes pertaining to serial-binding.
The affected attributes are:
* use_serial_number_in_signing - always set to 1
* multi_serial_numbers - all serial numbers go here
* serial_number - set to 0 to avoid any potential ambiguity
downstream when signer puts together the meta data
In addition to all the signing attributes above, the following
serial-binding attributes can benefit, without any code change:
* debug
* uie_key_switch_enable
* root_revoke_activate_enable
"""
config.general_properties.use_serial_number_in_signing = 1
config.general_properties.multi_serial_numbers = \
complex_multi_serial_numbers(config.valid_serial_numbers)
config.general_properties.serial_number = "0x%08x" % 0
super(Secboot3FeatureSet1, cls).bind(config)
def c_update_overrides(self):
# Update override options
serial_numbers_override = None
for tag, override in self.overrides.root.children.items():
if not override.is_simple and tag != MULTI_SERIAL_NUMBERS_TAG:
continue
value_to_set = getattr(self.parsed_args,
self.override_prefix + tag)
try:
if tag == MULTI_SERIAL_NUMBERS_TAG:
if value_to_set is not None:
override.value = auto_gen_xml_config.complex_multi_serial_numbers(
value_to_set.split())
serial_numbers_value = getattr(self.parsed_args,
SERIAL_NUMBERS)
if serial_numbers_value is not None and serial_numbers_value != DISABLE_SERIAL_BINDING:
serial_numbers_override = DataDetail(
DataType.String, StringHandler(DataHandler()), '')
serial_numbers_override.set_string_value(
serial_numbers_value)
elif value_to_set is not None:
override.set_string_value(value_to_set)
except RuntimeError as e:
raise RuntimeError(tag + ' ' + str(e))
if serial_numbers_override:
self.overrides.root.children[
SERIAL_NUMBERS] = serial_numbers_override
# Update special overrides
for tag, override in self.spec_overrides.root.children.items():
value_to_set = getattr(self.parsed_args,
self.spec_override_prefix + tag)
if value_to_set is not None:
try:
override.set_string_value(value_to_set)
except RuntimeError as e:
raise RuntimeError(tag + ' ' + str(e))
def append_serial_numbers(self,
serial_numbers,
multi_serial_numbers,
always_append=False):
""" Append serial_numbers to multi_serial_numbers.
:param serial_numbers: str type
It is a command-line --serial_numbers user input.
:param multi_serial_numbers: str type
It could come from three sources:
1. general_properties
2. per-image general_properties_overrides
3. command-line --cfg_multi_serial_numbers user input
The command-line --cfg_multi_serial_numbers overrides all others.
:param always_append: bool type
When True, append serial_numbers even when multi_serial_numbers does not
exist. It means a new multi_serial_numbers object is created.
When False, serial_numbers are appended only when multi_serial_numbers exist.
:return: The resulting multi_serial_numbers object.
"""
if serial_numbers is None:
# No serial_numbers tag. So nothing to append.
return multi_serial_numbers
try:
no_multi_serial_numbers = not multi_serial_numbers.serial
except AttributeError:
no_multi_serial_numbers = True
if no_multi_serial_numbers:
if always_append:
# Return a brand new multi_serial_numbers object.
return auto_gen_xml_config.complex_multi_serial_numbers(
serial_numbers.value.split())
# No appending is needed.
return multi_serial_numbers
# Append serial_numbers to the existing multi_serial_numbers.
multi_serial_numbers.serial.extend(serial_numbers.value.split())
return multi_serial_numbers
def sanitize_serial_numbers(self):
""" Sanitize all general properties related to serial numbers.
Specifically
1. Pool all unique non-zero serial numbers.
2. Assign them to their respective attributes
"""
serial_numbers = []
multi_serial_number_count = 0
if self.general_properties.multi_serial_numbers is not None:
serial_numbers = remove_duplicates_ordered(
*self.general_properties.multi_serial_numbers.serial)
multi_serial_number_count = len(serial_numbers)
if self.general_properties.secboot_version in (SECBOOT_VERSION_1_0,
SECBOOT_VERSION_2_0):
max_serial_number_count = MAX_NUM_SERIALS_MAP[SECBOOT_VERSION_2_0]
else:
max_serial_number_count = MAX_NUM_SERIALS_MAP[SECBOOT_VERSION_3_0]
# This is rudimentary max serial number count check, simply to ensure that
# the certificate OU[SN] field spec is not violated.
if len(serial_numbers) > max_serial_number_count:
verb_be = "is" if max_serial_number_count == 1 else "are"
raise RuntimeError(
"{0} serials were provided. A maximum of {1} {2} allowed.".
format(len(serial_numbers), max_serial_number_count, verb_be))
if self.verbatim_config:
if self.general_properties.use_serial_number_in_signing == 1:
if self.general_properties.secboot_version in (
SECBOOT_VERSION_1_0, SECBOOT_VERSION_2_0):
if self.general_properties.serial_number is None or int(
self.general_properties.serial_number, 16) == 0:
raise RuntimeError(
"serial_number must be set when use_serial_number_in_signing "
"is enabled.".format(
self.general_properties.secboot_version))
elif self.general_properties.secboot_version == SECBOOT_VERSION_3_0:
if multi_serial_number_count == 0:
raise RuntimeError(
"multi_serial_numbers must be set with at least one non-zero "
"serial number when use_serial_number_in_signing is enabled."
)
self.valid_serial_numbers = []
else:
if self.disable_serial_binding:
self.valid_serial_numbers = []
else:
if self.general_properties.serial_number is not None:
serial_numbers.append(
self.general_properties.serial_number)
for attr_name in (cfgdef.DEBUG_TAG, cfgdef.ROT_EN_TAG,
cfgdef.ACTIVATION_ENABLEMENT_TAG,
cfgdef.REVOCATION_ENABLEMENT_TAG,
cfgdef.ROOT_REVOKE_ACTIVATE_ENABLE_TAG,
cfgdef.UIE_KEY_SWITCH_ENABLE_TAG):
# All the signing attributes listed in the for-loop have default values.
attr_value = getattr(self.general_properties, attr_name)
# Save the serial number bound to the signing attribute.
serial_numbers.append(attr_value[:-8])
# Remove any serial numbers already bound to the signing attributes, while
# coalescing all the serial numbers. All serial-binding signing attributes
# will only reflect their state, for example enable or disable. This is
# to pave the way for the downstream logic to complete the serial-binding
# operations.
setattr(self.general_properties, attr_name,
("0x%08x" % 0) + attr_value[-8:])
self.valid_serial_numbers = remove_duplicates_ordered(
*serial_numbers)
if self.valid_serial_numbers:
chipset_profile = ChipsetProfile(
self.general_properties.secboot_version,
self.general_properties.in_use_soc_hw_version,
self.general_properties.msm_part,
getattr(self.general_properties, "soc_vers",
[]), self.general_properties.soc_hw_version,
self.platform_binding == PLATFORM_BINDING_INDEPENDENT)
with SerialBoundFeatureSetContextManager(
chipset_profile,
self.valid_serial_numbers) as feature_set:
feature_set.bind(self)
else:
self.general_properties.use_serial_number_in_signing = 0
self.general_properties.serial_number = "0x%08x" % 0
self.general_properties.multi_serial_numbers = complex_multi_serial_numbers(
[])
def bind(cls, config):
config.general_properties.use_serial_number_in_signing = 0
config.general_properties.multi_serial_numbers = \
complex_multi_serial_numbers(config.valid_serial_numbers)
super(SingleMultiSerialBound, cls).bind(config)
