2018-06-08 20:29:43 +08:00
|
|
|
from __future__ import print_function
|
2012-01-28 02:44:53 +08:00
|
|
|
#
|
|
|
|
# Option ROM signing utility
|
|
|
|
#
|
|
|
|
# Authors:
|
|
|
|
# Jan Kiszka <jan.kiszka@siemens.com>
|
|
|
|
#
|
|
|
|
# This work is licensed under the terms of the GNU GPL, version 2 or later.
|
|
|
|
# See the COPYING file in the top-level directory.
|
|
|
|
|
|
|
|
import sys
|
|
|
|
import struct
|
|
|
|
|
|
|
|
if len(sys.argv) < 3:
|
|
|
|
print('usage: signrom.py input output')
|
|
|
|
sys.exit(1)
|
|
|
|
|
|
|
|
fin = open(sys.argv[1], 'rb')
|
|
|
|
fout = open(sys.argv[2], 'wb')
|
|
|
|
|
2016-05-12 05:06:46 +08:00
|
|
|
magic = fin.read(2)
|
2018-01-16 21:42:12 +08:00
|
|
|
if magic != b'\x55\xaa':
|
2016-05-12 05:06:46 +08:00
|
|
|
sys.exit("%s: option ROM does not begin with magic 55 aa" % sys.argv[1])
|
|
|
|
|
2016-05-12 05:06:45 +08:00
|
|
|
size_byte = ord(fin.read(1))
|
2012-01-28 02:44:53 +08:00
|
|
|
fin.seek(0)
|
linuxboot_dma: avoid guest ABI breakage on gcc vs. clang compilation
Recent GCC compiles linuxboot_dma.c to 921 bytes, while CentOS 6 needs
1029 and clang needs 1527. Because the size of the ROM, rounded to the
next 512 bytes, must match, this causes the API to break between a <1K
ROM and one that is bigger.
We want to make the ROM 1.5 KB in size, but it's better to make clang
produce leaner ROMs, because currently it is worryingly close to the limit.
To fix this prevent clang's happy inlining (which -Os cannot prevent).
This only requires adding a noinline attribute.
Second, the patch makes sure that the ROM has enough padding to prevent
ABI breakage on different compilers. The size is now hardcoded in the file
that is passed to signrom.py, as was the case before commit 6f71b77
("scripts/signrom.py: Allow option ROM checksum script to write the size
header.", 2016-05-23); signrom.py however will still pad the input to
the requested size. This ensures that the padding goes beyond the
next multiple of 512 if necessary, and also avoids the need for
-fno-toplevel-reorder which clang doesn't support. signrom.py can then
error out if the requested size is too small for the actual size of the
compiled ROM.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-05 16:51:37 +08:00
|
|
|
data = fin.read()
|
2016-05-12 05:06:45 +08:00
|
|
|
|
linuxboot_dma: avoid guest ABI breakage on gcc vs. clang compilation
Recent GCC compiles linuxboot_dma.c to 921 bytes, while CentOS 6 needs
1029 and clang needs 1527. Because the size of the ROM, rounded to the
next 512 bytes, must match, this causes the API to break between a <1K
ROM and one that is bigger.
We want to make the ROM 1.5 KB in size, but it's better to make clang
produce leaner ROMs, because currently it is worryingly close to the limit.
To fix this prevent clang's happy inlining (which -Os cannot prevent).
This only requires adding a noinline attribute.
Second, the patch makes sure that the ROM has enough padding to prevent
ABI breakage on different compilers. The size is now hardcoded in the file
that is passed to signrom.py, as was the case before commit 6f71b77
("scripts/signrom.py: Allow option ROM checksum script to write the size
header.", 2016-05-23); signrom.py however will still pad the input to
the requested size. This ensures that the padding goes beyond the
next multiple of 512 if necessary, and also avoids the need for
-fno-toplevel-reorder which clang doesn't support. signrom.py can then
error out if the requested size is too small for the actual size of the
compiled ROM.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-05 16:51:37 +08:00
|
|
|
size = size_byte * 512
|
|
|
|
if len(data) > size:
|
|
|
|
sys.stderr.write('error: ROM is too large (%d > %d)\n' % (len(data), size))
|
|
|
|
sys.exit(1)
|
|
|
|
elif len(data) < size:
|
|
|
|
# Add padding if necessary, rounding the whole input to a multiple of
|
|
|
|
# 512 bytes according to the third byte of the input.
|
2016-05-12 05:06:45 +08:00
|
|
|
# size-1 because a final byte is added below to store the checksum.
|
2018-01-16 21:42:12 +08:00
|
|
|
data = data.ljust(size-1, b'\0')
|
2016-05-12 05:06:45 +08:00
|
|
|
else:
|
linuxboot_dma: avoid guest ABI breakage on gcc vs. clang compilation
Recent GCC compiles linuxboot_dma.c to 921 bytes, while CentOS 6 needs
1029 and clang needs 1527. Because the size of the ROM, rounded to the
next 512 bytes, must match, this causes the API to break between a <1K
ROM and one that is bigger.
We want to make the ROM 1.5 KB in size, but it's better to make clang
produce leaner ROMs, because currently it is worryingly close to the limit.
To fix this prevent clang's happy inlining (which -Os cannot prevent).
This only requires adding a noinline attribute.
Second, the patch makes sure that the ROM has enough padding to prevent
ABI breakage on different compilers. The size is now hardcoded in the file
that is passed to signrom.py, as was the case before commit 6f71b77
("scripts/signrom.py: Allow option ROM checksum script to write the size
header.", 2016-05-23); signrom.py however will still pad the input to
the requested size. This ensures that the padding goes beyond the
next multiple of 512 if necessary, and also avoids the need for
-fno-toplevel-reorder which clang doesn't support. signrom.py can then
error out if the requested size is too small for the actual size of the
compiled ROM.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-08-05 16:51:37 +08:00
|
|
|
if ord(data[-1:]) != 0:
|
|
|
|
sys.stderr.write('WARNING: ROM includes nonzero checksum\n')
|
|
|
|
data = data[:size-1]
|
2016-05-12 05:06:45 +08:00
|
|
|
|
2012-01-28 02:44:53 +08:00
|
|
|
fout.write(data)
|
|
|
|
|
|
|
|
checksum = 0
|
|
|
|
for b in data:
|
|
|
|
# catch Python 2 vs. 3 differences
|
|
|
|
if isinstance(b, int):
|
|
|
|
checksum += b
|
|
|
|
else:
|
|
|
|
checksum += ord(b)
|
|
|
|
checksum = (256 - checksum) % 256
|
|
|
|
|
|
|
|
# Python 3 no longer allows chr(checksum)
|
|
|
|
fout.write(struct.pack('B', checksum))
|
|
|
|
|
|
|
|
fin.close()
|
|
|
|
fout.close()
|