diff --git a/configure.ac b/configure.ac index 4d549ee4..2fe1934d 100644 --- a/configure.ac +++ b/configure.ac @@ -31,12 +31,12 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(mstflint, 4.21.0, eranj@mellanox.co.il) +AC_INIT(mstflint, 4.22.0, akiselman-org@exchange.nvidia.com) AC_DEFINE_UNQUOTED([PROJECT], ["mstflint"], [Define the project name.]) AC_SUBST([PROJECT]) -AC_DEFINE_UNQUOTED([VERSION], ["4.21.0"], [Define the project version.]) +AC_DEFINE_UNQUOTED([VERSION], ["4.22.0"], [Define the project version.]) AC_SUBST([VERSION]) AC_CONFIG_MACRO_DIR([m4]) @@ -431,9 +431,11 @@ else AC_CONFIG_FILES(mtcr_ul/Makefile) fi +AM_CONDITIONAL(LINUX_BUILD, [test "x$OS" = "xLinux"]) +AC_SUBST(LINUX_BUILD) AC_OUTPUT( Makefile common/Makefile mft_utils/Makefile mft_utils/hsmclient/Makefile mtcr_py/Makefile ext_libs/Makefile ext_libs/sqlite/Makefile ext_libs/muparser/Makefile ext_libs/json/Makefile ext_libs/minixz/Makefile dev_mgt/Makefile \ tools_layouts/Makefile reg_access/Makefile cmdif/Makefile libmfa/Makefile pldmlib/Makefile tools_res_mgmt/Makefile mlxconfig/Makefile mlxconfig/mlxconfig_dbs/Makefile mflash/Makefile mlxfwops/Makefile mlxfwops/lib/Makefile cmdparser/Makefile \ flint/Makefile small_utils/Makefile small_utils/mlxfwresetlib/Makefile mstdump/Makefile mstdump/crd_lib/Makefile mstdump/crd_main/Makefile mstdump/mstdump_dbs/Makefile mvpd/Makefile \ - fw_comps_mgr/Makefile mad_ifc/Makefile tracers/Makefile tracers/fwtrace/Makefile resourcedump/Makefile resourceparse/Makefile ) + fw_comps_mgr/Makefile mad_ifc/Makefile tracers/Makefile tracers/fwtrace/Makefile resourcedump/Makefile resourcedump/resourcedump_lib/Makefile resourceparse/Makefile ) diff --git a/debian/changelog b/debian/changelog index bcb0ec4a..98eeb84b 100644 --- a/debian/changelog +++ b/debian/changelog 
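Review bot: In configure.ac, the added `AC_SUBST(LINUX_BUILD)` right after `AM_CONDITIONAL(LINUX_BUILD, [test "x$OS" = "xLinux"])` looks redundant. The conditional already provides `LINUX_BUILD_TRUE`/`LINUX_BUILD_FALSE`, and no shell variable named `LINUX_BUILD` is assigned in the visible lines, so `@LINUX_BUILD@` would expand to nothing. Dropping the `AC_SUBST` line, or assigning the variable explicitly if a Makefile really reads it, would make the intent clear. The test also relies on `$OS` being set earlier in the script, which is outside this hunk.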
@@ -1,3 +1,9 @@ +mstflint (4.22.0-1) unstable; urgency=low + + * Updated from MFT-4.22.0 + + -- Alex Blago Thu, 8 Sep 2022 00:00:00 +0000 + mstflint (4.21.0-1) unstable; urgency=low * Updated from MFT-4.21.0 diff --git a/ext_libs/iniParser/README.md b/ext_libs/iniParser/README.md index dbc30d0a..d8f72a78 100644 --- a/ext_libs/iniParser/README.md +++ b/ext_libs/iniParser/README.md @@ -29,7 +29,7 @@ You should consider trying the following rules too : ## III - License This software is released under MIT License. -See LICENSE for full informations +See LICENSE for full information ## IV - Versions diff --git a/ext_libs/iniParser/dictionary.c b/ext_libs/iniParser/dictionary.c index 5e998193..3773b218 100644 --- a/ext_libs/iniParser/dictionary.c +++ b/ext_libs/iniParser/dictionary.c @@ -6,7 +6,7 @@ This module implements a simple dictionary object, i.e. a list of string/string associations. This object is useful to store e.g. - informations retrieved from a configuration file (ini files). + information retrieved from a configuration file (ini files). */ /*--------------------------------------------------------------------------*/ diff --git a/ext_libs/iniParser/dictionary.h b/ext_libs/iniParser/dictionary.h index 772b5156..f0623d19 100644 --- a/ext_libs/iniParser/dictionary.h +++ b/ext_libs/iniParser/dictionary.h @@ -7,7 +7,7 @@ This module implements a simple dictionary object, i.e. a list of string/string associations. This object is useful to store e.g. - informations retrieved from a configuration file (ini files). + information retrieved from a configuration file (ini files). */ /*--------------------------------------------------------------------------*/ diff --git a/ext_libs/iniParser/iniparser.c b/ext_libs/iniParser/iniparser.c index f91962b9..a897482a 100644 --- a/ext_libs/iniParser/iniparser.c +++ b/ext_libs/iniParser/iniparser.c 
@@ -37,7 +37,7 @@ typedef enum _line_status_ @param in String to convert. @param out Output buffer. @param len Size of the out buffer. - @return ptr to the out buffer or NULL if an error occured. + @return ptr to the out buffer or NULL if an error occurred. This function convert a string into lowercase. At most len - 1 elements of the input string will be converted. diff --git a/ext_libs/sqlite/sqlite3.c b/ext_libs/sqlite/sqlite3.c index 5394db40..98d8d127 100644 --- a/ext_libs/sqlite/sqlite3.c +++ b/ext_libs/sqlite/sqlite3.c @@ -109831,7 +109831,7 @@ static RenameToken *renameColumnTokenNext(RenameCtx *pCtx){ } /* -** An error occured while parsing or otherwise processing a database +** An error occurred while parsing or otherwise processing a database ** object (either pParse->pNewTable, pNewIndex or pNewTrigger) as part of an ** ALTER TABLE RENAME COLUMN program. The error message emitted by the ** sub-routine is currently stored in pParse->zErrMsg. This function @@ -214381,7 +214381,7 @@ static int sessionBindRow( ** iterator pIter points to to the SELECT and attempts to seek to the table ** entry. If a row is found, the SELECT statement left pointing at the row ** and SQLITE_ROW is returned. Otherwise, if no row is found and no error -** has occured, the statement is reset and SQLITE_OK is returned. If an +** has occurred, the statement is reset and SQLITE_OK is returned. If an ** error occurs, the statement is reset and an SQLite error code is returned. ** ** If this function returns SQLITE_ROW, the caller must eventually reset() diff --git a/flint/cmd_line_parser.cpp b/flint/cmd_line_parser.cpp index 62bd9b37..3d5f3463 100644 --- a/flint/cmd_line_parser.cpp +++ b/flint/cmd_line_parser.cpp 
@@ -124,7 +124,6 @@ SubCmdMetaData::SubCmdMetaData() _sCmds.push_back(new SubCmd("ir", "image_reactivation", SC_Image_Reactivation)); _sCmds.push_back(new SubCmd("bc", "binary_compare", SC_Binary_Compare)); _sCmds.push_back(new SubCmd("", "rsa_sign", SC_RSA_Sign)); - _sCmds.push_back(new SubCmd("", "import_hsm_key", SC_Import_Hsm_Key)); _sCmds.push_back(new SubCmd("", "export_public_key", SC_Export_Public_Key)); } @@ -232,11 +231,6 @@ FlagMetaData::FlagMetaData() _flags.push_back(new Flag("", "activate_delay_sec", 1)); _flags.push_back(new Flag("", "downstream_device_ids", 1)); _flags.push_back(new Flag("", "download_transfer", 0)); -#ifndef __WIN__ - _flags.push_back(new Flag("", "private_key_label", 1)); - _flags.push_back(new Flag("", "public_key_label", 1)); - _flags.push_back(new Flag("", "hsm", 0)); -#endif _flags.push_back(new Flag("", "openssl_engine", 1)); _flags.push_back(new Flag("", "openssl_key_id", 1)); #ifdef __WIN__ @@ -784,8 +778,6 @@ void Flint::initCmdParser() AddOptions("ocr", ' ', "", "another flag for override cache replacement", true); - AddOptions("hsm", ' ', "", "flag for the sign command", true); - AddOptions("private_key", ' ', "", "path to PEM formatted private key to be used by the sign command"); AddOptions("public_key", ' ', "", "path to PEM formatted public key to be used by the sign command"); 
@@ -821,65 +813,61 @@ void Flint::initCmdParser() AddOptions("linkx_auto_update", ' ', "", "Use this flag while burning all cable devices connected to host.", false, false, 1); - AddOptions( - "activate", - ' ', - "", - "Use this flag to apply the activation of all cable devices connected to host. By default, the activation is not performed.", - false, - false, - 1); + AddOptions("activate", + ' ', + "", + "Use this flag to apply the activation of all cable devices connected to host. By default, the " + "activation is not performed.", + false, + false, + 1); AddOptions( "activate_delay_sec", ' ', "", - "Use this flag to activate all cable devices connected to host with delay, acceptable values are between 0 and 255 (default - 1). Important: 'activate' flag must be set. This flag is relevant only for cable components.", + "Use this flag to activate all cable devices connected to host with delay, acceptable values are between 0 and " + "255 (default - 1). Important: 'activate' flag must be set. This flag is relevant only for cable components.", false, false, 1); - AddOptions( - "download_transfer", - ' ', - "", - "Use this flag to perform the download and transfer of all cable data for cables. By default, the download and transfer are not performed . This flag is relevant only for cable components.", - false, - false, - 1); - - AddOptions( - "downstream_device_ids", - ' ', - "", - "Use this flag to specify the LNKX ports to perform query. List must be only comma-separated numbers, without spaces.", - false, - false, - 1); + AddOptions("download_transfer", + ' ', + "", + "Use this flag to perform the download and transfer of all cable data for cables. By default, the " + "download and transfer are not performed . 
This flag is relevant only for cable components.", + false, + false, + 1); -#ifndef __WIN__ - AddOptions("public_key_label", ' ', "", "public key label to be used by the sign --hsm command"); + AddOptions("downstream_device_ids", + ' ', + "", + "Use this flag to specify the LNKX ports to perform query. List must be only comma-separated numbers, " + "without spaces.", + false, + false, + 1); - AddOptions("private_key_label", ' ', "", "private key label to be used by the sign --hsm command"); -#endif AddOptions( "openssl_engine", ' ', "", "Name of the OpenSSL engine to used by the sign/rsa_sign commands to work with the HSM hardware via OpenSSL API"); - AddOptions( - "openssl_key_id", - ' ', - "", - "Key identification string to be used by the sign/rsa_sign commands to work with the HSM hardware via OpenSSL API"); + AddOptions("openssl_key_id", + ' ', + "", + "Key identification string to be used by the sign/rsa_sign commands to work with the HSM hardware via " + "OpenSSL API"); AddOptions("output_file", ' ', "", "output file name for exporting the public key from PEM/BIN"); AddOptions("user_password", ' ', "", "the HSM user password string in order to work with HSM device"); #ifdef __WIN__ - AddOptions( - "cpu_util", - ' ', - "", - "Use this flag to reduce CPU utilization while burning, Windows only. Legal values are from 1 (lowest CPU) to 5 (highest CPU)"); + AddOptions("cpu_util", + ' ', + "", + "Use this flag to reduce CPU utilization while burning, Windows only. Legal values are from 1 (lowest " + "CPU) to 5 (highest CPU)"); #endif AddOptions( "cert_chain_index", 
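Review bot: The `user_password` option ("the HSM user password string in order to work with HSM device") stays registered in Flint::initCmdParser, while this commit removes the `--hsm` branch of SignSubCommand::verifyParams, the only visible reader of `hsm_password_specified`. If nothing outside the diff still consumes it, the option is dead but keeps inviting callers to put an HSM credential in argv, where process listings and shell history expose it. In that case it should be dropped together with `private_key_label`/`public_key_label`. If it is still needed, a comment such as `// user_password: still read by <consumer>; prefer a prompt or file source over argv` would record why it remains. The function body continues outside this hunk.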
@@ -906,9 +894,9 @@ void Flint::initCmdParser() AddOptionalSectionData("RETURN VALUES", "0", "Successful completion."); AddOptionalSectionData("RETURN VALUES", "1", "An error has occurred."); - AddOptionalSectionData( - "RETURN VALUES", "7", - "For burn command - burning new firmware option was not chosen by the user when prompted, thus the firmware burning process was aborted."); + AddOptionalSectionData("RETURN VALUES", "7", + "For burn command - burning new firmware option was not chosen by the user when prompted, " + "thus the firmware burning process was aborted."); for (map_sub_cmd_t_to_subcommand::iterator it = _subcommands.begin(); it != _subcommands.end(); it++) { @@ -1207,17 +1195,14 @@ ParseStatus Flint::HandleOption(string name, string value) } else if (name == "private_key") { - _flintParams.privkey_specified = true; _flintParams.privkey_file = value; } else if (name == "public_key") { - _flintParams.pubkey_specified = true; _flintParams.pubkey_file = value; } else if (name == "key_uuid") { - _flintParams.uuid_specified = true; _flintParams.privkey_uuid = value; } else if (name == "hmac_key") @@ -1263,10 +1248,6 @@ ParseStatus Flint::HandleOption(string name, string value) } _flintParams.cpu_percent = (int)cpu_percent; } - else if (name == "hsm") - { - _flintParams.hsm_specified = true; - } else if (name == "openssl_engine") { _flintParams.openssl_engine_usage_specified = true; @@ -1277,16 +1258,6 @@ ParseStatus Flint::HandleOption(string name, string value) _flintParams.openssl_engine_usage_specified = true; _flintParams.openssl_key_id = value; } - else if (name == "private_key_label") - { - _flintParams.private_key_label_specified = true; - _flintParams.private_key_label = value; - } - else if (name == "public_key_label") - { - _flintParams.public_key_label_specified = true; - _flintParams.public_key_label = value; - } else if (name == "output_file") { _flintParams.output_file_specified = true; 
diff --git a/flint/err_msgs.h b/flint/err_msgs.h index f2555922..2e7b23f1 100644 --- a/flint/err_msgs.h +++ b/flint/err_msgs.h @@ -59,7 +59,6 @@ typedef enum #define FLINT_CLEAR_SEM_CMD_ERROR "No command is allowed when -clear_semaphore flag is given.\n" #define FLINT_COMMAND_FLAGS_ERROR "For %s command, Please specify %s.\n" #define FLINT_COMMAND_INCORRECT_FLAGS_ERROR "For %s command, %s.\n" -#define FLINT_PARSE_MEM_ERROR "Failed to allocate memory for parsing.\n " #define FLINT_NO_OPTIONS_FOUND_ERROR "No options found. " #define FLINT_INVALID_COMMAD_ERROR "Invalid command: %s\n" #define FLINT_TOO_MANY_ARGS_ERROR "Too many arguments. Expected: %d , Received: %d\n" @@ -85,8 +84,9 @@ typedef enum #define FLINT_INVALID_FLAG_WITHOUT_FLAG_ERROR "\"%s\" flag must be specified with \"%s\" flag.\n" #define FLINT_INVALID_FLAG_WITH_CMD_ERROR "Cannot specify flag: %s with Command: %s\n" #define FLINT_CMD_VERIFY_ERROR "FW image verification failed: %s. AN HCA DEVICE CAN NOT BOOT FROM THIS IMAGE.\n" -#define FLINT_CMD_VERIFY_ERROR_1 \ - "FW image verification failed: No valid FS4 image found.Check the flash parameters, if specified..AN HCA DEVICE CAN NOT BOOT FROM THIS IMAGE" +#define FLINT_CMD_VERIFY_ERROR_1 \ + "FW image verification failed: No valid FS4 image found.Check the flash parameters, if specified..AN HCA DEVICE " \ + "CAN NOT BOOT FROM THIS IMAGE" #define FLINT_FAILED_QUERY_ERROR "Failed to query %s: %s. %s\n" #define FLINT_COMMAND_DEVICE_IMAGE_ERROR "Command \"%s\" requires both image and device to be specified.\n" #define FLINT_COMMAND_DEVICE_ERROR "Command \"%s\" requires device, but an image file was given.\n" 
@@ -109,7 +109,6 @@ typedef enum #define FLINT_IMAGE_READ_ERROR "Failed to read image. %s\n" #define FLINT_READ_ERROR "Failed to read from %s. %s\n" #define FLINT_READ_FILE_ERROR "Failed to read from %s.\n" -#define FLINT_WIN_NOT_SUPP_ERROR "Command \"%s\" is not supported in windows.\n" #define FLINT_WIN_ONLY_SUPP_ERROR "Command \"%s\" is supported only in windows.\n" #define FLINT_GEN_COMMAND_ERROR "Failed to execute command %s. %s\n" #define FLINT_FS3_BB_ERROR \ @@ -138,14 +137,12 @@ typedef enum #define FLINT_WB_FILE_ERROR "failed to open file: %s. %s\n" #define FLINT_WB_ERROR "write Block Failed. %s\n" #define FLINT_NO_ZLIB_ERROR "Executable was compiled with \"dump files\" option disabled.\n" -#define FLINT_FLAG_WITH_FLAG_ERROR "\"%s\" flag must be specified with \"%s\" flag.\n" #define FLINT_INVALID_PASSWORD "Invalid Password.\n" #define FLINT_NO_GUID_MAC_FLAGS_ERROR "Can not set GUIDs/MACs: please run with -uid/-guid/-mac flag.\n" #define FLINT_NOT_SUPP_UID_FLAG_ERROR \ "Can not set GUIDs/MACs: %s flag is not supported for this device.\nPlease run with -uid/-guid/-mac flag.\n" #define FLINT_NO_UID_FLAG_ERROR "Can not set GUIDs/MACs: uid is not specified, please run with -uid flag.\n" #define FLINT_CHECKSUM_ERROR "Failed to calculate checksum on %s: %s\n" -#define FLINT_CHECKSUM_MISMATCH_ERROR "Given checksum: %s does not match the checksum calculated on device FW: %s.\n" #define FLINT_CHECKSUM_PARSE_ERROR "Failed to parse given checksum.\n" #define FLINT_CHECKSUM_LEN_ERROR "MD5 checksum should be exactly 16 bytes long.\n" #define FLINT_CHECKSUM_HEX_ERROR "MD5 checksum should contain only hexadecimal digits.\n" 
@@ -169,34 +166,21 @@ typedef enum #define UNCOMPRESSS_ERROR "Failed uncompressing FW configuration section. uncompress returns %d" #define OPEN_WRITE_FILE_ERROR "Can not open file %s for write: %s." #define IMAGE_SIGN_TYPE_ERROR "Image signing is applicable only for selected FW images. Please check your image type.\n" -#define HSM_INIT_ERROR "HSM init has failed! Please check if the HSM card installed and configured properly.\n" -#define HSM_PRIVATE_KEY_DUPLICATE "Creating HSM signature has failed - the private key label is duplicated.\n" -#define HSM_PUBLIC_KEY_DUPLICATE "Creating HSM signature has failed - the public key label is duplicated.\n" -#define HSM_SIGNATURE_CREATION_FAILED "Creating HSM signature has failed\n" -#define HSM_UUID_MISSING "To Sign the image with RSA you must provide UUID with HSM sign.\n" -#define HSM_PRIVATE_KEY_LABEL_MISSING "Must supply private key label for sign with HSM sign.\n" -#define HSM_PASSWORD_MISSING "Must supply HSM user password for sign with HSM sign.\n" #define SIGN_PRIVATE_KEY_NOT_FOUND "Can't find private key file %s \n" #define SIGN_PUBLIC_KEY_NOT_FOUND "Can't find public key file %s \n" -#define HSM_BOOT_SIGNATURE_CREATION_FAILED "Creating HSM BOOT signature has failed\n" -#define HSM_CRITICAL_SIGNATURE_CREATION_FAILED "Creating HSM critical signature has failed\n" -#define HSM_NON_CRITICAL_SIGNATURE_CREATION_FAILED "Creating HSM non-critical signature has failed\n" -#define HSM_SECURE_BOOT_SIGNATURE_FAILED "Inserting secure BOOT signatures has failed : %s.\n" -#define HSM_SECURE_FW_SIGNATURE_FAILED "Creation secured FW signatures has failed.\n" #define LINKX_QUERY_DEVICE_NOT_SUPPORTED "Linkx query for device %s is not supported.\n" #define LINKX_BURN_DEVICE_NOT_SUPPORTED "Linkx burn for device %s is not supported.\n" /************************** * Flint Warning Messages *************************/ -#define FLINT_QQ_WARRNING "-W- Running quick query - Skipping full image integrity checks.\n" #define 
FLINT_NOT_MLNX_FW_WARNING "-W- Not a Mellanox FW image (vendor_id = 0x%04x). VSD and PSID are not displayed.\n" #define FLINT_BLANK_GUIDS_WARNING "-W- GUIDs/MACs values and their CRC are not set.\n" #define FLINT_MULTI_BIT_WARNING "Multicast bit (bit 40) is set." #define FLINT_MORE_48_BITS_WARNING "More than 48 bits are used." #define FLINT_BAD_MAC_ADRESS_WARNING "\n-W- Bad mac address ( %4.4x%8.8x ): %s\n" -#define FLINT_MAC_ENTRIES_WARNING \ - "-W- Cannot get MAC address: Expecting %d entries in guid section, got %d. Probably an old FW image. Please update.\n" -#define FLINT_INTERRUPT_WARRNING "\n-W- An internal error occurred. This program cannot be interrupted.\n" +#define FLINT_MAC_ENTRIES_WARNING \ + "-W- Cannot get MAC address: Expecting %d entries in guid section, got %d. Probably an old FW image. Please " \ + "update.\n" #define FLINT_SET_GUIDS_WARRNING "-W- GUIDs are already set, re-burning image with the new GUIDs ...\n" #define FLINT_OCR_WARRNING \ "\n-W- Firmware flash cache access is enabled. Running in this mode may cause the firmware to hang.\n" diff --git a/flint/flint.cpp b/flint/flint.cpp index 503c25be..2048aacf 100644 --- a/flint/flint.cpp +++ b/flint/flint.cpp @@ -185,7 +185,6 @@ map_sub_cmd_t_to_subcommand Flint::initSubcommandMap() cmdMap[SC_Image_Reactivation] = new ImageReactivationSubCommand(); cmdMap[SC_RSA_Sign] = new SignRSASubCommand(); cmdMap[SC_Binary_Compare] = new BinaryCompareSubCommand(); - cmdMap[SC_Import_Hsm_Key] = new ImportHsmKeySubCommand(); #ifndef NO_OPEN_SSL cmdMap[SC_Export_Public_Key] = new ExportPublicSubCommand(); #endif @@ -271,7 +270,7 @@ FlintStatus Flint::run(int argc, char* argv[]) if (_subcommands.count(_flintParams.cmd) == 0) { // should not be reached - printf("-E- FATAL: command object not found."); + printf("-E- FATAL: command object not found.\n"); return FLINT_FAILED; } _subcommands[_flintParams.cmd]->setParams(_flintParams); 
diff --git a/flint/flint_params.cpp b/flint/flint_params.cpp index 5795eceb..05f4eab6 100644 --- a/flint/flint_params.cpp +++ b/flint/flint_params.cpp @@ -92,10 +92,7 @@ FlintParams::FlintParams() hexdump_format = false; skip_ci_req = false; use_dev_rom = false; - privkey_specified = false; - pubkey_specified = false; privkey2_specified = false; - uuid_specified = false; uuid2_specified = false; no_fw_ctrl = false; image_reactivation = false; @@ -104,9 +101,6 @@ FlintParams::FlintParams() use_psid = false; congestion_control = false; use_cpu_utilization = false; - public_key_label_specified = false; - private_key_label_specified = false; - hsm_specified = false; hsm_password_specified = false; linkx_control = false; cableDeviceIndex = -1; diff --git a/flint/flint_params.h b/flint/flint_params.h index 28ff3caa..53c10a01 100644 --- a/flint/flint_params.h +++ b/flint/flint_params.h @@ -91,7 +91,6 @@ typedef enum SC_Image_Reactivation, SC_RSA_Sign, SC_Binary_Compare, - SC_Import_Hsm_Key, SC_Export_Public_Key } sub_cmd_t; @@ -157,12 +156,9 @@ class FlintParams bool hexdump_format; bool skip_ci_req; bool use_dev_rom; - bool privkey_specified; - bool pubkey_specified; string privkey_file; string pubkey_file; - bool uuid_specified; string privkey_uuid; bool privkey2_specified; bool key_specified; @@ -180,11 +176,6 @@ class FlintParams string congestion_control_param; bool use_cpu_utilization; int cpu_percent; - bool hsm_specified; - string private_key_label; - string public_key_label; - bool private_key_label_specified; - bool public_key_label_specified; bool output_file_specified; string output_file; bool hsm_password_specified; diff --git a/flint/subcommands.cpp b/flint/subcommands.cpp index f48e5250..3c694601 100644 --- a/flint/subcommands.cpp +++ b/flint/subcommands.cpp @@ -53,9 +53,6 @@ #endif #if !defined(NO_OPEN_SSL) #include -#if !defined(NO_DYNAMIC_ENGINE) -#include -#endif #endif #include "hex64.h" #define MAX_IMG_TYPE_LEN 20 
@@ -1698,8 +1695,8 @@ SignSubCommand::SignSubCommand() _flagLong = "sign"; _flagShort = ""; _paramExp = "None"; - _example = FLINT_NAME - " -i fw_image.bin [--private_key file.pem --key_uuid uuid_string] OR [--openssl_engine engine --openssl_key_id identifier --key_uuid uuid_string] sign"; + _example = FLINT_NAME " -i fw_image.bin [--private_key file.pem --key_uuid uuid_string] OR [--openssl_engine " + "engine --openssl_key_id identifier --key_uuid uuid_string] sign"; _v = Wtv_Img; _maxCmdParamNum = 0; _cmdType = SC_Sign; 
@@ -1721,85 +1718,67 @@ FlintStatus SignSubCommand::executeCommand() if (_flintParams.openssl_engine_usage_specified) { #if !defined(NO_OPEN_SSL) && !defined(NO_DYNAMIC_ENGINE) - MlxSign::OpensslEngineSigner engineSigner(_flintParams.openssl_engine, _flintParams.openssl_key_id); - int rc = engineSigner.init(); + //* Init Signer + MlxSign::MlxSignRSAViaHSM signer(_flintParams.openssl_engine, _flintParams.openssl_key_id); + int rc = signer.Init(); if (rc) { - reportErr(true, "Failed to initialize %s engine (rc = 0x%x)\n", _flintParams.openssl_engine.c_str(), rc); + reportErr(true, "Open SSL dynamic engine functionality is not supported.\n"); return FLINT_FAILED; } - // flint sign over openssl only allow for 4K key size - int keySize = engineSigner.getPrivateKeySize(); - if (keySize != KEY_SIZE_512) - { - reportErr(true, "The HSM key has to be 4096 bit!\n"); - return FLINT_FAILED; - } - vector fourMbImage; - vector signature; - vector sha; - if (!_imgOps->FwCalcSHA(MlxSign::SHA512, sha, fourMbImage)) - { - reportErr(true, FLINT_IMAGE_READ_ERROR, _imgOps->err()); - return FLINT_FAILED; - } - rc = engineSigner.sign(fourMbImage, signature); - if (rc) - { - reportErr(true, "Failed to set private key from engine (rc = 0x%x)\n", rc); - return FLINT_FAILED; - } - if (!_imgOps->InsertSecureFWSignature(signature, _flintParams.privkey_uuid.c_str(), &verifyCbFunc)) + if (!_imgOps->SignForFwUpdate(_flintParams.privkey_uuid.c_str(), signer, MlxSign::SHA512, &verifyCbFunc)) { reportErr(true, FLINT_SIGN_ERROR, _imgOps->err()); return FLINT_FAILED; } - return FLINT_SUCCESS; #else reportErr(true, "Open SSL functionality is not supported.\n"); return FLINT_FAILED; #endif } - if (_flintParams.hsm_specified) + else if (!_flintParams.privkey_file.empty() && !_flintParams.privkey_uuid.empty()) { - // Luna HSM not supported - reportErr(true, FLINT_NO_HSM); - return FLINT_FAILED; - } - else - { - if (_flintParams.privkey_specified && _flintParams.uuid_specified) + if 
(_flintParams.privkey2_specified && _flintParams.uuid2_specified) { - if (_flintParams.privkey2_specified && _flintParams.uuid2_specified) + if (!_imgOps->FwSignWithTwoRSAKeys(_flintParams.privkey_file.c_str(), + _flintParams.privkey_uuid.c_str(), + _flintParams.privkey2_file.c_str(), + _flintParams.privkey2_uuid.c_str(), + &verifyCbFunc)) { - if (!_imgOps->FwSignWithTwoRSAKeys(_flintParams.privkey_file.c_str(), - _flintParams.privkey_uuid.c_str(), - _flintParams.privkey2_file.c_str(), - _flintParams.privkey2_uuid.c_str(), - &verifyCbFunc)) - { - reportErr(true, FLINT_SIGN_ERROR, _imgOps->err()); - return FLINT_FAILED; - } - } - else - { - if (!_imgOps->signForFwUpdate(_flintParams.privkey_file.c_str(), _flintParams.privkey_uuid.c_str(), - &verifyCbFunc)) - { - reportErr(true, FLINT_SIGN_ERROR, _imgOps->err()); - return FLINT_FAILED; - } + reportErr(true, FLINT_SIGN_ERROR, _imgOps->err()); + return FLINT_FAILED; } } else { - if (!_imgOps->FwInsertSHA256(&verifyCbFunc)) +#if !defined(NO_OPEN_SSL) && !defined(NO_DYNAMIC_ENGINE) + //* Init Signer + MlxSign::MlxSignRSAViaOpenssl signer(_flintParams.privkey_file.c_str()); + int rc = signer.Init(); + if (rc) + { + return FLINT_FAILED; + } + + if (!_imgOps->SignForFwUpdate(_flintParams.privkey_uuid.c_str(), signer, signer.GetShaType(), &verifyCbFunc)) { reportErr(true, FLINT_SIGN_ERROR, _imgOps->err()); return FLINT_FAILED; } +#else + reportErr(true, "Open SSL functionality is not supported.\n"); + return FLINT_FAILED; +#endif + } + } + else + { + if (!_imgOps->FwInsertSHA256(&verifyCbFunc)) + { + reportErr(true, FLINT_SIGN_ERROR, _imgOps->err()); + return FLINT_FAILED; } } return FLINT_SUCCESS; 
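Review bot: The engine branch of SignSubCommand::executeCommand now signs with a fixed `MlxSign::SHA512` but no longer checks the key length; the removed lines rejected any HSM key that was not 4096 bit before signing. Unless `MlxSignRSAViaHSM::Init()` or `SignForFwUpdate()` enforces that outside this hunk, a shorter engine key would now be accepted, so the size check should stay ahead of the `SignForFwUpdate` call. Both `Init()` failures also lose their diagnostics: the engine path reports "not supported" for every non-zero rc, and the PEM path returns `FLINT_FAILED` with no message. Restoring `reportErr(true, "Failed to initialize %s engine (rc = 0x%x)\n", _flintParams.openssl_engine.c_str(), rc);` and adding an equivalent line for the key file would keep signing failures traceable. The single-key PEM path is also compiled only when `NO_DYNAMIC_ENGINE` is undefined although it names no engine, which is worth confirming as intended; the function starts before this hunk.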
@@ -1824,48 +1803,29 @@ bool SignSubCommand::verifyParams() reportErr(true, "The Sign command with --openssl_key_id flag does not accept public keys\n"); return false; } - if (_flintParams.privkey_specified) - { - reportErr( - true, - "The Sign command does not accept --private_key flag with the following flags: --openssl_engine, --openssl_key_id\n"); - return false; - } - } - else if (_flintParams.hsm_specified) - { - if (_flintParams.uuid_specified == false) - { - reportErr(true, HSM_UUID_MISSING); - return false; - } - if (_flintParams.private_key_label_specified == false) + if (!_flintParams.privkey_file.empty()) { - reportErr(true, HSM_PRIVATE_KEY_LABEL_MISSING); - return false; - } - if (_flintParams.hsm_password_specified == false) - { - reportErr(true, HSM_PASSWORD_MISSING); + reportErr(true, "The Sign command does not accept --private_key flag with the following flags: " + "--openssl_engine, --openssl_key_id\n"); return false; } } else { - if (_flintParams.privkey_specified ^ _flintParams.uuid_specified) + if (_flintParams.privkey_file.empty() != _flintParams.privkey_uuid.empty()) { reportErr(true, "To Sign the image with RSA you must provide " "private key and uuid.\n"); return false; } - if (!_flintParams.privkey_specified && _flintParams.privkey2_specified) + if (_flintParams.privkey_file.empty() && _flintParams.privkey2_specified) { reportErr(true, "Use --private_key if you want to sign with only one key.\n"); return false; } - if (_flintParams.privkey2_specified ^ _flintParams.uuid2_specified) + if (_flintParams.privkey2_specified != _flintParams.uuid2_specified) { reportErr(true, "To Sign the image with two RSA keys you must provide " "two private keys and two uuid.\n"); @@ -1897,7 +1857,6 @@ BinaryCompareSubCommand::BinaryCompareSubCommand() _maxCmdParamNum = 1; _minCmdParamNum = 0; _cmdType = SC_Binary_Compare; - _fwType = 0; _devQueryRes = 0; _mccSupported = false; memset(&_devInfo, 0, sizeof(_devInfo)); 
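Review bot: Replacing `privkey_specified`/`uuid_specified` with `privkey_file.empty()`/`privkey_uuid.empty()` in SignSubCommand::verifyParams makes an empty argument indistinguishable from an absent flag. If the option parser passes empty values through (the HandleOption hunk shows `value` assigned unchecked), `--private_key "" --key_uuid ""`, for example from an unset variable in a signing script, passes the `empty() != empty()` check. executeCommand then falls through to `FwInsertSHA256`, so the run succeeds with a digest instead of an RSA signature. The `--openssl_engine` conflict check likewise no longer notices an empty `--private_key`. Keeping the flags for these checks, as in the removed `if (_flintParams.privkey_specified ^ _flintParams.uuid_specified)`, or rejecting empty values for `private_key` and `key_uuid` in HandleOption, closes the gap; verifyParams begins and ends outside this hunk.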
@@ -2033,7 +1992,6 @@ FlintStatus BinaryCompareSubCommand::executeCommand() { _flintParams.override_cache_replacement = true; } - _fwType = _fwOps->FwType(); // query both image and device if (!_fwOps->FwQuery(&_devInfo, true, false, true, false, (_flintParams.silent == false))) { @@ -2112,8 +2070,8 @@ SignRSASubCommand::SignRSASubCommand() _flagLong = "rsa_sign"; _flagShort = ""; _paramExp = "None"; - _example = FLINT_NAME - " -i fw_image.bin [--private_key file.pem] OR [--private_key_label