imgtool: Add CBOR encoded boot record to TLV area
Add a new '--boot-record' option to imgtool that adds a new type of TLV,
called BOOT_RECORD, to the image manifest. This TLV contains CBOR encoded
data with some basic information about the image (SW component) it
belongs to, namely:
- SW type (role of the software component)
- SW version
- Signer ID (identifies the signing authority)
- Measurement value (hash of the image)
- Measurement type (algorithm used to calculate the measurement value)
The boot_record.py file and most of the modifications in image.py are
coming from the Trusted Firmware-M project
(https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.
This patch is based on the recommendations of Arm's Platform Security
Architecture (PSA) and its purpose is to support compliance with it.
Change-Id: I379ccc57b48ad2311837cb3fd90f5f9d1c9b5bac
Signed-off-by: David Vincze <david.vincze@linaro.org>
diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
index d998c5b..fa15200 100755
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py
@@ -1,6 +1,6 @@
#! /usr/bin/env python3
#
-# Copyright 2017 Linaro Limited
+# Copyright 2017-2020 Linaro Limited
# Copyright 2019-2020 Arm Limited
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,6 +24,11 @@
from imgtool.version import decode_version
from .keys import RSAUsageError, ECDSAUsageError, Ed25519UsageError
+MIN_PYTHON_VERSION = (3, 6)
+if sys.version_info < MIN_PYTHON_VERSION:
+ sys.exit("Python %s.%s or newer is required by imgtool."
+ % MIN_PYTHON_VERSION)
+
def gen_rsa2048(keyfile, passwd):
keys.RSA.generate().export_private(path=keyfile, passwd=passwd)
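Review bot: The `MIN_PYTHON_VERSION` guard runs only after the `imgtool.version` and `.keys` imports shown above it, so on an interpreter older than 3.6 any newer syntax in those modules or their dependencies would fail before this message is reached. Moving the check above the package imports, directly after `import sys`, would make it effective. The `import sys` line is not visible in this hunk, so confirm it exists earlier in the file. Because the check is at module level, it also calls `sys.exit` when main.py is imported as a library rather than run as a script; a comment such as `# Fail early with a clear message on unsupported interpreters` would record that this is intended.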
@@ -230,6 +235,10 @@
default='little', help="Select little or big endian")
@click.option('--overwrite-only', default=False, is_flag=True,
help='Use overwrite-only instead of swap upgrades')
+@click.option('--boot-record', metavar='sw_type', help='Create CBOR encoded '
+ 'boot record TLV. The sw_type represents the role of the '
+ 'software component (e.g. CoFM for coprocessor firmware). '
+ '[max. 12 characters]')
@click.option('-M', '--max-sectors', type=int,
help='When padding allow for this amount of sectors (defaults '
'to 128)')
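Review bot: The help text for `--boot-record` promises a 12-character limit, but nothing in this hunk enforces it, so an over-long `sw_type` is handed straight to `sign`. Unless image.py rejects it (not visible here), the value ends up in the signed BOOT_RECORD TLV, and a consumer that sizes its buffers from the documented maximum would be the first place the violation surfaces. Consider enforcing it on the option with a click callback that raises `click.BadParameter('sw_type must be at most 12 characters')` when `len(value) > 12`. The help text should also say whether the limit counts characters or encoded bytes, since the two differ for non-ASCII input.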
@@ -263,7 +272,7 @@
def sign(key, align, version, pad_sig, header_size, pad_header, slot_size, pad, confirm,
max_sectors, overwrite_only, endian, encrypt, infile, outfile,
dependencies, load_addr, hex_addr, erased_val, save_enctlv,
- security_counter):
+ security_counter, boot_record):
img = image.Image(version=decode_version(version), header_size=header_size,
pad_header=pad_header, pad=pad, confirm=confirm,
align=int(align), slot_size=slot_size,
@@ -286,7 +295,7 @@
if pad_sig and hasattr(key, 'pad_sig'):
key.pad_sig = True
- img.create(key, enckey, dependencies)
+ img.create(key, enckey, dependencies, boot_record)
img.save(outfile, hex_addr)
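Review bot: `boot_record` is forwarded to `img.create` unconditionally, yet the commit message says the record carries a Signer ID identifying the signing authority. The `hasattr(key, 'pad_sig')` guard just above suggests `key` may not always be a full key object, so it is worth confirming what Signer ID is emitted when `--boot-record` is used without a signing key. If a placeholder is written, document that in the option help, or reject the combination with `raise click.UsageError('--boot-record requires a signing key')`. Passing the new argument by keyword rather than position would also keep this call robust if `Image.create` gains further optional parameters. The body of `sign` starts and ends outside this hunk.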