From f8a8cf11bf7bb3da1ec4262192f4614d12082743 Mon Sep 17 00:00:00 2001 From: Tim Gover Date: Sat, 5 Oct 2019 14:31:52 +0100 Subject: [PATCH 1/3] rpi-eeprom-update: Remove comments about safe mode The concept of a safe mode recovery.bin bootloader was dropped in favour of a recovery.bin which renames itself after updating the EEPROM. Remove the old comments. --- rpi-eeprom-update | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/rpi-eeprom-update b/rpi-eeprom-update index 76a261f..597b7ea 100755 --- a/rpi-eeprom-update +++ b/rpi-eeprom-update @@ -276,7 +276,6 @@ findBootFS() # If ${BOOTFS} is not writable OR is not on /dev/mmcblk0 then error because the ROM # can only load recovery.bin from the on-board SD-CARD slot or the EEPROM. - # To skip installing the safe mode recovery.bin use the -s option if blkid | grep -qE "/dev/mmcblk0p1.*LABEL_FATBOOT.*RECOVERY.*TYPE.*vfat"; then TMP_BOOTFS_MNT="$(mktemp -d)" mount /dev/mmcblk0p1 "${TMP_BOOTFS_MNT}" @@ -284,8 +283,7 @@ findBootFS() fi # If BOOTFS is not a directory or doesn't contain any .elf files then - # it's probably not the boot partition so assume that it cannot be used for a - # safe mode recovery + # it's probably not the boot partition. [ -d "${BOOTFS}" ] || die "BOOTFS: \"${BOOTFS}\" is not a directory" [ "$(find "${BOOTFS}/" -name "*.elf" | wc -l)" -gt 0 ] || die "BOOTFS: \"${BOOTFS}\" contains no .elf files" } From 937f7221983a17fcd43a7cf6cc5d4bf4d15d8ac2 Mon Sep 17 00:00:00 2001 From: Tim Gover Date: Sat, 5 Oct 2019 14:35:00 +0100 Subject: [PATCH 2/3] rpi-eeprom-config: Increase the configuration size limit to 2024 Update the rpi-eeprom-config tool to accept config files of up to 2024 byte. The config section has a 24byte header so the section is always <= 2KiB. This allows a reasonably large user-data section in the config file accessible via 'vcgencmd bootloader_config' as an alternative to customer OTP data. N.B. The vcgencmd uses a single VCHIQ message which is limited to 4092 bytes. Setting a 2KiB limit here gives room for user-data plus some spare space for future config expansion before an VCHIQ bulk message or an extra EEPROM 4KiB page is required. --- rpi-eeprom-config | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rpi-eeprom-config b/rpi-eeprom-config index 993793f..ac34921 100755 --- a/rpi-eeprom-config +++ b/rpi-eeprom-config @@ -10,6 +10,8 @@ import sys IMAGE_SIZE = 512 * 1024 +MAX_BOOTCONF_SIZE = 2024 + # Each section starts with a magic number followed by a 32 bit offset to the # next section (big-endian). # The number, order and size of the sections depends on the bootloader version @@ -55,8 +57,9 @@ class BootloaderImage(object): hdr_offset, length = self.find_config() new_config_bytes = open(new_config, 'rb').read() new_len = len(new_config_bytes) + FILENAME_LEN + 4 - if new_len > length and new_len > 1024: - raise Exception('Config is too large') + if len(new_config_bytes) > MAX_BOOTCONF_SIZE: + raise Exception("Config is too large (%d bytes). The maximum size is %d bytes." + % (len(new_config_bytes), MAX_BOOTCONF_SIZE)) if hdr_offset + len(new_config_bytes) + FILE_HDR_LEN > IMAGE_SIZE: raise Exception('EEPROM image size exceeded') From 57150a4104548119f1382e5ab23f3612c7e7d76c Mon Sep 17 00:00:00 2001 From: Tim Gover Date: Sun, 6 Oct 2019 14:08:44 +0100 Subject: [PATCH 3/3] test-rpi-eeprom-config: Add test cases for large config files --- test/bootconf-2024.txt | 28 ++++++++++++++++++++++++++ test/bootconf-2025.txt | 28 ++++++++++++++++++++++++++ test/test-rpi-eeprom-config | 40 +++++++++++++++++++++++++++++++++++++ 3 files changed, 96 insertions(+) create mode 100644 test/bootconf-2024.txt create mode 100644 test/bootconf-2025.txt diff --git a/test/bootconf-2024.txt b/test/bootconf-2024.txt new file mode 100644 index 0000000..77db039 --- /dev/null +++ b/test/bootconf-2024.txt @@ -0,0 +1,28 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 +[none] +userdata0=0x12345789 +userdata1=0x12345789 +userdata2=0x12345789 +userdata3=0x12345789 +userdata4=0x12345789 +userdata5=0x12345789 +userdata6=0x12345789 +userdata7=0x12345789 +userdata8=0x12345789 +userdata9=0x12345789 +usercert=ZZZZZZZZZZZZlhEAAAADAQABAAABAQDg2l41l7troIKOA0hk3p9y4KuITWBL/aaTMORoqmXfyqEONNULSMElaLWch/b8ScHmcS+kxkS5DtLmKFo1JI14IaQNL5fr4C6Dp23CyMGIgjp3ZFg9tXs/qWpw36Ge0MCxjabbFeKVcMXD10voMT0AHfJtQb2YfOl37ffzC4bR3phUnp0Ceqpl0Loe6hxUP/r4Jen1OKskdfjsldfjalAjn9ASdkjnkjbaAKjnLKJbaKJHDRDkllDAlciaIKSPX2b0uk2MJRJhfarMHDnmxZtEzqMgwLdLol9XVjiSu/7EUzR9Qtvs8xhf6XuUJPRD6OtJCb49L+bb/pXAej/GOk0f +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# ++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/test/bootconf-2025.txt b/test/bootconf-2025.txt new file mode 100644 index 0000000..e7752e4 --- /dev/null +++ b/test/bootconf-2025.txt @@ -0,0 +1,28 @@ +[all] +BOOT_UART=0 +WAKE_ON_GPIO=1 +POWER_OFF_ON_HALT=0 +[none] +userdata0=0x12345789 +userdata1=0x12345789 +userdata2=0x12345789 +userdata3=0x12345789 +userdata4=0x12345789 +userdata5=0x12345789 +userdata6=0x12345789 +userdata7=0x12345789 +userdata8=0x12345789 +userdata9=0x12345789 +usercert=ZZZZZZZZZZZZlhEAAAADAQABAAABAQDg2l41l7troIKOA0hk3p9y4KuITWBL/aaTMORoqmXfyqEONNULSMElaLWch/b8ScHmcS+kxkS5DtLmKFo1JI14IaQNL5fr4C6Dp23CyMGIgjp3ZFg9tXs/qWpw36Ge0MCxjabbFeKVcMXD10voMT0AHfJtQb2YfOl37ffzC4bR3phUnp0Ceqpl0Loe6hxUP/r4Jen1OKskdfjsldfjalAjn9ASdkjnkjbaAKjnLKJbaKJHDRDkllDAlciaIKSPX2b0uk2MJRJhfarMHDnmxZtEzqMgwLdLol9XVjiSu/7EUzR9Qtvs8xhf6XuUJPRD6OtJCb49L+bb/pXAej/GOk0f +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 0123456789 +# ++++++++++++++++++++++++++++++++++++++++++++++++! diff --git a/test/test-rpi-eeprom-config b/test/test-rpi-eeprom-config index 9d72068..f56975a 100755 --- a/test/test-rpi-eeprom-config +++ b/test/test-rpi-eeprom-config @@ -107,6 +107,40 @@ check_update() fi } +# Verify that rpi-eeprom-config will apply and 2024 byte configuration file correctly. +check_conf_size_large() +{ + echo "check maximum config file size" + image="${script_dir}/$1" + conf="bootconf-2024.txt" + + expected_md5="$(md5sum "${conf}" | awk '{print $1}')" + + TMP_EEPROM="$(mktemp)" + "${script_dir}/../rpi-eeprom-config" \ + "${image}" \ + --config "${conf}" \ + --out "${TMP_EEPROM}" + + actual_md5="$("${script_dir}/../rpi-eeprom-config" "${TMP_EEPROM}" | md5sum | awk '{print $1}')" + [ "${actual_md5}" = "${expected_md5}" ] || die "EEPROM check large config: checksum mismatch" +} + +# Verify that rpi-eeprom-config will reject files exceeding 2024 bytes +check_conf_size_too_large() +{ + echo "check config file which exceeds the maximum size" + image="${script_dir}/$1" + conf="bootconf-2025.txt" + + expected_md5="$(md5sum "${conf}" | awk '{print $1}')" + + TMP_EEPROM="$(mktemp)" + if "${script_dir}/../rpi-eeprom-config" "${image}" --config "${conf}" --out "${TMP_EEPROM}" > /dev/null 2>&1; then + die "$config should have been rejected" + fi +} + check_loopback "../firmware/critical/pieeprom-2019-05-10.bin" "bootconf-2019-05-10.txt" cleanup @@ -118,3 +152,9 @@ cleanup check_reduce_size "../firmware/critical/pieeprom-2019-05-10.bin" "bootconf-2019-05-10.txt" cleanup + +check_conf_size_large "../firmware/critical/pieeprom-2019-05-10.bin" +cleanup + +check_conf_size_too_large "../firmware/critical/pieeprom-2019-05-10.bin" +cleanup