Signature verification prior to startup - page 8 - General Discussion and Assistance - CHDK Forum

Signature verification prior to startup

  • 83 Replies
  • 21428 Views
*

Offline srsa_4c

  • ******
  • 4090
Re: Signature verification prior to startup
« Reply #70 on: 12 / December / 2015, 20:56:23 »
Advertisements
http://www.mighty-hoernsche.de/trunk/ 4311 boots OK for me on d10 and a540.
Yes, the fw version strings look OK now.

I'll write a short checklist for developers, a failing compatibility check can be fairly discouraging when somebody tries to make a new port.

*

Offline srsa_4c

  • ******
  • 4090
Re: Signature verification prior to startup
« Reply #71 on: 12 / December / 2015, 21:50:25 »
blob_chdk_core seems unaligned (0x1c7f),
(...)
The included core is unaligned.

edit:
Could be the linker script?
Yes, the linker script isn't working well for cases when the total length of loader's variables is not multiples of 4. This is currently breaking the ixus 30 and 40 ports (due to the shorter version strings).

I think the following should fix this, but I'm not committing it yet (first time I ever looked at a linker script):
Code: [Select]
Index: tools/link-boot.ld
===================================================================
--- tools/link-boot.ld (revision 4311)
+++ tools/link-boot.ld (working copy)
@@ -19,6 +19,7 @@
  link_data_start = .;
     *(.rodata*)
     *(.rdata)
+    . = ALIGN(4);
     *(.blob*)
  *(.data)
  . = ALIGN(4);
The resulting diskboot is correct and working on the ixus40.

*

Offline reyalp

  • ******
  • 12322
Re: Signature verification prior to startup
« Reply #72 on: 12 / December / 2015, 23:11:39 »
I think the following should fix this, but I'm not committing it yet (first time I ever looked at a linker script):
Code: [Select]
Index: tools/link-boot.ld
===================================================================
--- tools/link-boot.ld (revision 4311)
+++ tools/link-boot.ld (working copy)
@@ -19,6 +19,7 @@
  link_data_start = .;
     *(.rodata*)
     *(.rdata)
+    . = ALIGN(4);
     *(.blob*)
  *(.data)
  . = ALIGN(4);
The resulting diskboot is correct and working on the ixus40.
I don't know much about them either, but it makes sense to me.
Don't forget what the H stands for.

*

Offline srsa_4c

  • ******
  • 4090
Re: Signature verification prior to startup
« Reply #73 on: 13 / December / 2015, 10:18:00 »
Made batch builds with and without the alignment fix, checked some randomly chosen diskboot (main.bin) images and found no adverse effects. Fix committed.


*

Offline srsa_4c

  • ******
  • 4090
Compatibility check - notes for developers
« Reply #74 on: 17 / December / 2015, 18:10:27 »
Compatibility check is active by default starting with CHDK 1.5 (current development trunk).

In case of problems, it can be disabled in the build by defining OPT_DISABLE_COMPAT_CHECK=1 in localbuildconf.inc or on the command line.

The following is mandatory

The port's bin_compat.h header (it's in the platform/CAM/sub/FW/ directory) needs to be correct. bin_compat.h is created automatically during build: see the lines following 'bin_compat.h:' in platform/makefile_sub.inc. Since bin_compat.h is not added to svn, its content can only be verified after building CHDK.
If - for some reason - it's not generated correctly, it can be overridden with a manually created file named bin_comp_fix.h (this one has to be placed in platform/CAM/sub/FW/ and added to svn).

bin_comp_fix.h is needed if any of the following is true:
- stubs_entry.S is not created (missing sigfinder support or incomplete firmware dump)
- the port supports more than one camera model

an example (sx280 102c, supporting 3 models and 2 fw versions):

ver_sig_t ver_sigs[]={
    {(const char *)0xfc142895, "GM1.02C"},
    {(const char *)0xfc142895, "GM1.02D"},
};
pid_sig_t pid_sigs[]={
    {(short *)0xfdf60040, 12895}, // sx280hs
    {(short *)0xfdf60040, 12896}, // sx270hs
    {(short *)0xfdf60040, 12899}, // sx275hs
};


The entries in ver_sigs[] are: firmware version string, ROM address of the fw version string
The entries in pid_sigs[] are: camera model's "platform ID" and its location in ROM. Warning: the address used here has to be available on all models that use the same dancingbits encoding and ARM architecture.

In the port's loader, following is required:

For DIGIC II, III, 4, 4+ and 5, the code in loader/CAM/entry.S should start with these two instructions

    LDR     SP, =MEMBASEADDR
    BL      check_compat


For DIGIC 6, the check_compat() function can instead be called in loader/CAM/main.c, as in the sx280 port.


The rest is optional, but highly encouraged

Incompatible builds can blink on the camera if the following information is available:
- BLINK_LED_CONTROL is defined in platform/CAM/makefile.inc (it can be commented out as it is harvested by a script)
  This needs to be one of the constants listed after "LED control methods" in loader/generic/check_compat.c .
  Use a number, not one of the macros
- BLINK_LED_GPIO is defined in platform/CAM/makefile.inc (it can be commented out as it is harvested by a script)
  This is the MMIO address of a known LED.
- PLATFORMID @ address is defined in the port-specific stubs_entry.S or makefile.inc
- Dancingbits encoding (NEED_ENCODED_DISKBOOT) is defined in a port-specific makefile.inc
- PLATFORMID is defined in a port-specific makefile.inc (this is mandatory for a port anyway)
- The port has to be added to camera_list.csv
- If all above is done, 'make compat-table' needs to be executed to re-generate loader/generic/compat_table.h


Also see this description.

edit:
typo
« Last Edit: 18 / December / 2015, 17:33:06 by srsa_4c »

*

Offline msl

  • *****
  • 1265
  • A720 IS, SX220 HS 1.01a
    • CHDK-DE links
Re: Signature verification prior to startup
« Reply #75 on: 18 / December / 2015, 08:14:38 »
Very nice work and  important. Thanks for that.

There is a small issue with the compiler under windows.
Code: [Select]
grep: invalid option -- mAn investigation revealed that the option 'm' is not usable for Windows.
=> https://www.assembla.com/spaces/chdk/subversion/source/HEAD/trunk/platform/makefile_sub.inc#ln153

msl
CHDK-DE:  CHDK-DE links

*

Offline srsa_4c

  • ******
  • 4090
Re: Signature verification prior to startup
« Reply #76 on: 18 / December / 2015, 12:31:38 »
There is a small issue with the compiler under windows.
Code: [Select]
grep: invalid option -- mAn investigation revealed that the option 'm' is not usable for Windows.
I assume that's the old grep.exe that comes with CHDK Shell (both recent Cygwin and MinGW releases know that option).
I'll see if I can get rid of -m1. First try seems successful (the generated bin_compat.h files are the same with and without that option, on Linux).

edit:
As it turned out, the option was not even necessary (was a leftover from command line experiments). All instances of -m1 removed in changeset 4314.
« Last Edit: 18 / December / 2015, 17:02:01 by srsa_4c »

Re: Compatibility check - notes for developers
« Reply #77 on: 04 / July / 2017, 18:48:27 »
Compatibility check is active by default starting with CHDK 1.5 (current development trunk).
While porting the G16,  I created a bin_comp_fix.h and manually dug out the correct addresses and strings for pid_sigs[ ] and ver_sigs[ ].  Everything seemed to work correctly (i.e. my 1.01c port boots just fine) but the blind version of the 1.00h I created apparently does not load.

So I started experimenting with bin_comp_fix.h to see if I might have made an error there.   Interestingly enough,  if I purposely create errors in that file (i.e. wrong address or firmware string) for my 1.01c version, it still loads correctly ?

Which I think tells me the compatibility check is not working - at least with my toolchain.  I don't have OPT_DISABLE_COMPAT_CHECK defined anywhere.

What am I likely missing here?
Ported :   A1200    SD940   G10    Powershot N    G16


*

Offline reyalp

  • ******
  • 12322
Re: Compatibility check - notes for developers
« Reply #78 on: 04 / July / 2017, 18:52:07 »
While porting the G16,  I created a bin_comp_fix.h and manually dug out the correct addresses and strings for pid_sigs[ ] and ver_sigs[ ].  Everything seemed to work correctly (i.e. my 1.01c port boots just fine) but the blind version of the 1.00h I created apparently does not load.
Note that if things are completely set up, loading the wrong firmware on a camera with the same diskboot encoding should blink an LED.

Quote
So I started experimenting with bin_comp_fix.h to see if I might have made an error there.   Interestingly enough,  if I purposely create errors in that file (i.e. wrong address or firmware string) for my 1.01c version, it still loads correctly ?
Have you included check_compat() in loader?
Don't forget what the H stands for.

Re: Compatibility check - notes for developers
« Reply #79 on: 04 / July / 2017, 18:58:24 »
While porting the G16,  I created a bin_comp_fix.h and manually dug out the correct addresses and strings for pid_sigs[ ] and ver_sigs[ ].  Everything seemed to work correctly (i.e. my 1.01c port boots just fine) but the blind version of the 1.00h I created apparently does not load.
Note that if things are completely set up, loading the wrong firmware on a camera with the same diskboot encoding should blink an LED.
That's what I was hoping to see as I try to isolate the problem with the blind port.

Quote
Have you included check_compat() in loader?
I sure did.  And then I commented it out during my initial attempts to get something to boot.  Ouch.   :-[

Thanks.


EDIT : working now - tested with bad PID string - boot halts with the OVF green LED slowly blinking.
« Last Edit: 04 / July / 2017, 19:16:48 by waterwingz »
Ported :   A1200    SD940   G10    Powershot N    G16

 

Related Topics