From 6b2df6f2b58ef291905756e1cf2fd41c749fb81a Mon Sep 17 00:00:00 2001 From: Guillaume Endignoux Date: Tue, 9 Jun 2020 16:25:22 +0200 Subject: [PATCH 1/5] Add elf2tab output to reproducible reference, to easily check for binary size regressions. --- .github/workflows/reproducible.yml | 2 + deploy.py | 15 +++++- reproduce_board.sh | 6 ++- reproduce_hashes.sh | 1 + reproducible/reference_elf2tab.txt | 76 ++++++++++++++++++++++++++++++ 5 files changed, 98 insertions(+), 2 deletions(-) create mode 100644 reproducible/reference_elf2tab.txt diff --git a/.github/workflows/reproducible.yml b/.github/workflows/reproducible.yml index 44f816c..7a24dc4 100644 --- a/.github/workflows/reproducible.yml +++ b/.github/workflows/reproducible.yml @@ -36,5 +36,7 @@ jobs: name: reproduced-${{ matrix.os }} path: reproducible/reproduced.tar + - name: Comparing binary sizes + run: git diff --no-index reproducible/reference_elf2tab.txt reproducible/elf2tab.txt - name: Comparing cryptographic hashes run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum diff --git a/deploy.py b/deploy.py index 38be497..ba7404f 100755 --- a/deploy.py +++ b/deploy.py @@ -428,7 +428,12 @@ class OpenSKInstaller: "--stack={}".format(STACK_SIZE), "--app-heap={}".format(APP_HEAP_SIZE), "--kernel-heap=1024", "--protected-region-size=64" ]) - self.checked_command(elf2tab_args) + if self.args.elf2tab_output: + output = self.checked_command_output(elf2tab_args) + with open(self.args.elf2tab_output, 'a') as f: + f.write(output) + else: + self.checked_command(elf2tab_args) def install_tab_file(self, tab_filename): assert self.args.application 
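Review bot: A failing `Comparing binary sizes` step stops the job before `Comparing cryptographic hashes` runs, because `git diff --no-index` exits non-zero on any difference and later steps are skipped by default. The hash comparison is the integrity signal for the reproducible build, so its diff should stay in the log even when the size report has changed. Adding `if: always()` under the `Comparing cryptographic hashes` step keeps both results in one run. The job fails either way, so this affects diagnosability and does not open a way around the gate.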
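Review bot: With `--elf2tab-output` set, the new branch in the `@@ -428` hunk sends elf2tab's report only to the file, so it presumably no longer appears in the `--verbose-build` console log. That is inferred from the helper's name, since `checked_command_output` is defined outside the hunk. A comment above the `if`, for example `# Capture elf2tab's report for the reproducibility reference; it is not echoed when captured.`, would make the trade-off explicit, and the help text in the `@@ -861` hunk could say the same. The enclosing method starts outside the hunk.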
@@ -861,6 +866,14 @@ if __name__ == "__main__": "storage (i.e. unplugging the key will reset the key)."), ) + main_parser.add_argument( + "--elf2tab-output", + metavar="FILE", + dest="elf2tab_output", + default=None, + help=("When set, the output of elf2tab is appended to this file."), + ) + apps_group = main_parser.add_mutually_exclusive_group(required=True) apps_group.add_argument( "--no-app", diff --git a/reproduce_board.sh b/reproduce_board.sh index 19730e8..f241d13 100755 --- a/reproduce_board.sh +++ b/reproduce_board.sh @@ -16,10 +16,14 @@ set -ex echo "Board: $BOARD" +echo "========================================" >> reproducible/elf2tab.txt +echo "Board: $BOARD" >> reproducible/elf2tab.txt +echo "----------------------------------------" >> reproducible/elf2tab.txt + ./deploy.py --verbose-build --board=$BOARD --no-app --programmer=none ./third_party/tock/tools/sha256sum/target/debug/sha256sum third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin >> reproducible/binaries.sha256sum tar -rvf reproducible/reproduced.tar third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin -./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none +./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none --elf2tab-output reproducible/elf2tab.txt ./third_party/tock/tools/sha256sum/target/debug/sha256sum target/${BOARD}_merged.hex >> reproducible/binaries.sha256sum tar -rvf reproducible/reproduced.tar target/${BOARD}_merged.hex diff --git a/reproduce_hashes.sh b/reproduce_hashes.sh index 9480472..d30a9bd 100755 --- a/reproduce_hashes.sh +++ b/reproduce_hashes.sh @@ -16,6 +16,7 @@ set -ex rm -f reproducible/binaries.sha256sum +rm -f reproducible/elf2tab.txt echo "Creating reproducible/reproduced.tar" touch empty_file diff --git a/reproducible/reference_elf2tab.txt b/reproducible/reference_elf2tab.txt new file mode 100644 index 0000000..0cb796e --- /dev/null +++ b/reproducible/reference_elf2tab.txt 
@@ -0,0 +1,76 @@ +======================================== +Board: nrf52840dk +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 176436 (0x2b134) bytes. + Adding .stack section. Offset: 176564 (0x2b1b4). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_dongle +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 176436 (0x2b134) bytes. + Adding .stack section. Offset: 176564 (0x2b1b4). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_dongle_dfu +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 176436 (0x2b134) bytes. + Adding .stack section. Offset: 176564 (0x2b1b4). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. 
+TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_mdk_dfu +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 176436 (0x2b134) bytes. + Adding .stack section. Offset: 176564 (0x2b1b4). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 From 2acacb659165343818c66523b4975bc1a693059f Mon Sep 17 00:00:00 2001 From: Guillaume Endignoux Date: Tue, 9 Jun 2020 16:28:33 +0200 Subject: [PATCH 2/5] Update .gitignore. --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitignore b/.gitignore index 239f05a..626f9dd 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,8 @@ Cargo.lock # Prevent people from commiting sensitive files. crypto_data/ + +# Temporary files. +reproducible/binaries.sha256sum +reproducible/elf2tab.txt +reproducible/reproduced.tar From ad044972b5391a1cdc25d4d00d73cd8f3dff0832 Mon Sep 17 00:00:00 2001 From: Guillaume Endignoux Date: Tue, 9 Jun 2020 16:43:01 +0200 Subject: [PATCH 3/5] Per-OS reproducible elf2tab. --- .github/workflows/reproducible.yml | 2 +- ....txt => reference_elf2tab_macos-10.15.txt} | 16 ++-- .../reference_elf2tab_ubuntu-18.04.txt | 76 +++++++++++++++++++ 3 files changed, 85 insertions(+), 9 deletions(-) rename reproducible/{reference_elf2tab.txt => reference_elf2tab_macos-10.15.txt} (82%) create mode 100644 reproducible/reference_elf2tab_ubuntu-18.04.txt 
diff --git a/.github/workflows/reproducible.yml b/.github/workflows/reproducible.yml index 7a24dc4..16a95b2 100644 --- a/.github/workflows/reproducible.yml +++ b/.github/workflows/reproducible.yml @@ -37,6 +37,6 @@ jobs: path: reproducible/reproduced.tar - name: Comparing binary sizes - run: git diff --no-index reproducible/reference_elf2tab.txt reproducible/elf2tab.txt + run: git diff --no-index reproducible/reference_elf2tab_${{ matrix.os }}.txt reproducible/elf2tab.txt - name: Comparing cryptographic hashes run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum diff --git a/reproducible/reference_elf2tab.txt b/reproducible/reference_elf2tab_macos-10.15.txt similarity index 82% rename from reproducible/reference_elf2tab.txt rename to reproducible/reference_elf2tab_macos-10.15.txt index 0cb796e..94273d9 100644 --- a/reproducible/reference_elf2tab.txt +++ b/reproducible/reference_elf2tab_macos-10.15.txt @@ -5,8 +5,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 176436 (0x2b134) bytes. - Adding .stack section. Offset: 176564 (0x2b1b4). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. + Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 
@@ -24,8 +24,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 176436 (0x2b134) bytes. - Adding .stack section. Offset: 176564 (0x2b1b4). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. + Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -43,8 +43,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 176436 (0x2b134) bytes. - Adding .stack section. Offset: 176564 (0x2b1b4). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. + Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 @@ -62,8 +62,8 @@ Min RAM size from sections in ELF: 16 bytes Number of writeable flash regions: 0 Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. Entry point is in .text section - Adding .text section. Offset: 128 (0x80). Length: 176436 (0x2b134) bytes. - Adding .stack section. Offset: 176564 (0x2b1b4). Length: 16384 (0x4000) bytes. + Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. + Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. Searching for .rel.X sections to add. TBF Header: version: 2 0x2 diff --git a/reproducible/reference_elf2tab_ubuntu-18.04.txt b/reproducible/reference_elf2tab_ubuntu-18.04.txt new file mode 100644 index 0000000..fd00e16 --- /dev/null +++ b/reproducible/reference_elf2tab_ubuntu-18.04.txt 
@@ -0,0 +1,76 @@ +======================================== +Board: nrf52840dk +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. + Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_dongle +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. + Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_dongle_dfu +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. + Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. 
+TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_mdk_dfu +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. + Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 From 3124735cf17d34c9126c5f9ccc47771b1867611a Mon Sep 17 00:00:00 2001 From: Guillaume Endignoux Date: Tue, 9 Jun 2020 16:54:44 +0200 Subject: [PATCH 4/5] Use argparse.FileType as suggested in review. --- deploy.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy.py b/deploy.py index ba7404f..d9661c0 100755 --- a/deploy.py +++ b/deploy.py @@ -430,8 +430,7 @@ class OpenSKInstaller: ]) if self.args.elf2tab_output: output = self.checked_command_output(elf2tab_args) - with open(self.args.elf2tab_output, 'a') as f: - f.write(output) + self.args.elf2tab_output.write(output) else: self.checked_command(elf2tab_args) @@ -869,6 +868,7 @@ if __name__ == "__main__": main_parser.add_argument( "--elf2tab-output", metavar="FILE", + type=argparse.FileType("a"), dest="elf2tab_output", default=None, help=("When set, the output of elf2tab is appended to this file."), From 475e218663425287026c8846ed8eee81668f1ca0 Mon Sep 17 00:00:00 2001 
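Review bot: The handle created by `argparse.FileType("a")` is written to in the `@@ -430` hunk but never flushed or closed in the visible lines, so the captured text stays in Python's buffer until interpreter exit and is lost if the process is killed or exits abnormally after elf2tab ran. Following the write with `self.args.elf2tab_output.flush()` makes the reference file complete as soon as the step finishes. In the `@@ -869` hunk, `type=argparse.FileType("a", encoding="utf-8")` would pin the encoding instead of taking the platform default, which matters for a file that is diffed on both the Ubuntu and macOS runners. The file is also now opened, and created if missing, at argument-parsing time even on runs that never invoke elf2tab. The enclosing method starts outside the hunk.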
From: Guillaume Endignoux Date: Tue, 9 Jun 2020 16:56:38 +0200 Subject: [PATCH 5/5] Address review comment. --- reproduce_board.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reproduce_board.sh b/reproduce_board.sh index f241d13..d978c98 100755 --- a/reproduce_board.sh +++ b/reproduce_board.sh @@ -24,6 +24,6 @@ echo "----------------------------------------" >> reproducible/elf2tab.txt ./third_party/tock/tools/sha256sum/target/debug/sha256sum third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin >> reproducible/binaries.sha256sum tar -rvf reproducible/reproduced.tar third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin -./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none --elf2tab-output reproducible/elf2tab.txt +./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none --elf2tab-output=reproducible/elf2tab.txt ./third_party/tock/tools/sha256sum/target/debug/sha256sum target/${BOARD}_merged.hex >> reproducible/binaries.sha256sum tar -rvf reproducible/reproduced.tar target/${BOARD}_merged.hex