Fixes for re-signing images and dumping metadata.#10827
Open
lgirdwood wants to merge 7 commits into
Open
Conversation
Avoid false-positive CPD header detection when re-signing by validating CSE header candidates before accepting them. Make verification failures propagate as non-zero return values and ensure resources are cleaned up on all paths. After re-signing, verify the generated image immediately and remove the output file if verification fails to prevent leaving broken artifacts. Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
Update command-line handling and help text to make resign usage clearer. Reject mutually exclusive mode combinations (resign with verify) early, so users get deterministic behavior and clearer error reporting. Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
Extend CSS and CSE parsing/dump paths to include fields that were previously skipped or only partially represented. Cover version-specific CSE fields and expose additional CSS header members so output better matches the current rimage headers. Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
Add full parsing support for plat_auth extensions and their module entries, including partition info, signed package variants, and info 0x16. Update extension dumps to print these parsed fields and nested structures. Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
Parse additional ADSP metadata and manifest structures from the user manifest definitions, including module config records. Improve field naming/alignment with rimage structures while keeping compatibility aliases where needed. Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
Teach memory-map lookup about newer platform aliases used in firmware paths so known layouts are selected instead of the unknown fallback. Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
Introduce a PTL-specific memory map label and map PTL/NVL platform identifiers to it. This keeps displayed platform naming accurate while preserving the current address/size values. Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
lgirdwood
requested review from
dbaluta,
kv2019i,
lbetlej,
mmaka1 and
plbossart
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates rimage signing/verification flows and extends the firmware manifest dumper for newer platform metadata formats.
Changes:
- Improves
rimageverify/re-sign mode handling, including output validation and CLI mode exclusivity. - Adds parsing/dumping support for newer CSE/CSS/ADSP manifest fields and extensions.
- Adds memory map entries for newer Intel platforms.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
tools/rimage/src/rimage.c |
Updates CLI help and rejects simultaneous verify/re-sign modes. |
tools/rimage/src/manifest.c |
Adds stricter CSE header detection and validates re-signed output. |
tools/sof_ri_info/sof_ri_info.py |
Extends manifest parsing, dumping, module config handling, and platform memory maps. |
Comment on lines
+854
to
+863
| legacy_or_unused = reader.read_b() | ||
| if header_length > 12: | ||
| hdr.add_a(Ahex('not_used', legacy_or_unused)) | ||
| else: | ||
| hdr.add_a(Ahex('checksum', legacy_or_unused)) | ||
| hdr.add_a(Astring('partition_name', reader.read_string(4))) | ||
|
|
||
| # CSE v2.5 extends header with a CRC32 checksum dword | ||
| if header_length > 12: | ||
| hdr.add_a(Ahex('checksum32', reader.read_dw())) |
Comment on lines
+1290
to
+1292
| for i in range(0, num_module_entries): | ||
| mod_cfg = parse_adsp_manifest_mod_config(i, reader) | ||
| adsp_mft.add_comp(mod_cfg) |
Comment on lines
+32
to
+48
| if (image->adsp->man_v2_5 || image->adsp->man_ace_v1_5) { | ||
| const struct CsePartitionDirHeader_v2_5 *cse_hdr = buffer; | ||
|
|
||
| return cse_hdr->header_marker == CSE_HEADER_MAKER && | ||
| cse_hdr->nb_entries == MAN_CSE_PARTS && | ||
| cse_hdr->header_length >= sizeof(*cse_hdr) && | ||
| size >= sizeof(*cse_hdr); | ||
| } | ||
|
|
||
| if (image->adsp->man_v1_5 || image->adsp->man_v1_8) { | ||
| const struct CsePartitionDirHeader *cse_hdr = buffer; | ||
|
|
||
| return cse_hdr->header_marker == CSE_HEADER_MAKER && | ||
| cse_hdr->nb_entries == MAN_CSE_PARTS && | ||
| cse_hdr->header_length >= sizeof(*cse_hdr) && | ||
| size >= sizeof(*cse_hdr); | ||
| } |
| fprintf(stderr, "error: could not find valid CSE header $CPD in %s\n", | ||
| image->verify_file); | ||
| out: | ||
| free(buffer); |
Comment on lines
+1813
to
+1817
| if (fclose(image->out_fd)) { | ||
| ret = file_error("unable to close file after signing", image->out_file); | ||
| goto out; | ||
| } | ||
| image->out_fd = NULL; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
rimage resign was not working for certain devices alongside the manifest dump tooling needed updates for newer platforms too.