kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #117 from gendx/reproducible-elf2tab

Browse Source 
Add elf2tab output to the reproducible checks
This commit is contained in:
gendx
2020-06-09 17:06:19 +02:00
committed by GitHub
parent 0316d7f7e4 475e218663
commit a57bc15bbb
7 changed files with 179 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/reproducible.yml vendored
View File

@@ -36,5 +36,7 @@ jobs:
name: reproduced-${{ matrix.os }} name: reproduced-${{ matrix.os }}
path: reproducible/reproduced.tar path: reproducible/reproduced.tar
- name: Comparing binary sizes
run: git diff --no-index reproducible/reference_elf2tab_${{ matrix.os }}.txt reproducible/elf2tab.txt
- name: Comparing cryptographic hashes - name: Comparing cryptographic hashes
run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum

5
.gitignore vendored
View File

@@ -3,3 +3,8 @@ Cargo.lock
# Prevent people from commiting sensitive files. # Prevent people from commiting sensitive files.
crypto_data/ crypto_data/
# Temporary files.
reproducible/binaries.sha256sum
reproducible/elf2tab.txt
reproducible/reproduced.tar

15
deploy.py
View File

@@ -428,7 +428,11 @@ class OpenSKInstaller:
"--stack={}".format(STACK_SIZE), "--app-heap={}".format(APP_HEAP_SIZE), "--stack={}".format(STACK_SIZE), "--app-heap={}".format(APP_HEAP_SIZE),
"--kernel-heap=1024", "--protected-region-size=64" "--kernel-heap=1024", "--protected-region-size=64"
]) ])
self.checked_command(elf2tab_args) if self.args.elf2tab_output:
output = self.checked_command_output(elf2tab_args)
self.args.elf2tab_output.write(output)
else:
self.checked_command(elf2tab_args)
def install_tab_file(self, tab_filename): def install_tab_file(self, tab_filename):
assert self.args.application assert self.args.application
@@ -861,6 +865,15 @@ if __name__ == "__main__":
"storage (i.e. unplugging the key will reset the key)."), "storage (i.e. unplugging the key will reset the key)."),
) )
main_parser.add_argument(
"--elf2tab-output",
metavar="FILE",
type=argparse.FileType("a"),
dest="elf2tab_output",
default=None,
help=("When set, the output of elf2tab is appended to this file."),
)
apps_group = main_parser.add_mutually_exclusive_group(required=True) apps_group = main_parser.add_mutually_exclusive_group(required=True)
apps_group.add_argument( apps_group.add_argument(
"--no-app", "--no-app",

6
reproduce_board.sh
View File

@@ -16,10 +16,14 @@
set -ex set -ex
echo "Board: $BOARD" echo "Board: $BOARD"
echo "========================================" >> reproducible/elf2tab.txt
echo "Board: $BOARD" >> reproducible/elf2tab.txt
echo "----------------------------------------" >> reproducible/elf2tab.txt
./deploy.py --verbose-build --board=$BOARD --no-app --programmer=none ./deploy.py --verbose-build --board=$BOARD --no-app --programmer=none
./third_party/tock/tools/sha256sum/target/debug/sha256sum third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin >> reproducible/binaries.sha256sum ./third_party/tock/tools/sha256sum/target/debug/sha256sum third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin >> reproducible/binaries.sha256sum
tar -rvf reproducible/reproduced.tar third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin tar -rvf reproducible/reproduced.tar third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin
./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none ./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none --elf2tab-output=reproducible/elf2tab.txt
./third_party/tock/tools/sha256sum/target/debug/sha256sum target/${BOARD}_merged.hex >> reproducible/binaries.sha256sum ./third_party/tock/tools/sha256sum/target/debug/sha256sum target/${BOARD}_merged.hex >> reproducible/binaries.sha256sum
tar -rvf reproducible/reproduced.tar target/${BOARD}_merged.hex tar -rvf reproducible/reproduced.tar target/${BOARD}_merged.hex

1
reproduce_hashes.sh
View File

@@ -16,6 +16,7 @@
set -ex set -ex
rm -f reproducible/binaries.sha256sum rm -f reproducible/binaries.sha256sum
rm -f reproducible/elf2tab.txt
echo "Creating reproducible/reproduced.tar" echo "Creating reproducible/reproduced.tar"
touch empty_file touch empty_file

76
reproducible/reference_elf2tab_macos-10.15.txt Normal file
View File

@@ -0,0 +1,76 @@
========================================
Board: nrf52840dk
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_mdk_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0

76
reproducible/reference_elf2tab_ubuntu-18.04.txt Normal file
View File

@@ -0,0 +1,76 @@
========================================
Board: nrf52840dk
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_mdk_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0