imgtool: Add a possibility to attach manifest TLV

Add a simple logic that allows to attach a manifest TLV to an image.

Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>

Author: tomchy

scripts/imgtool/image.py

@@ -39,6 +39,7 @@
 from cryptography.hazmat.primitives.kdf.hkdf import HKDF
 from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
 from intelhex import IntelHex
+from yaml import safe_load as yaml_safe_load
 
 from . import keys
 from . import version as versmod
@@ -93,6 +94,7 @@
         'COMP_DEC_SIZE' : 0x73,
         'UUID_VID': 0x74,
         'UUID_CID': 0x75,
+        'MANIFEST': 0x76,
 }
 
 TLV_SIZE = 4
@@ -282,6 +284,73 @@ def parse_uuid(namespace, value):
 
     return uuid_bytes
 
+class Manifest:
+    def __init__(self, endian, path):
+        self.path = path
+        self.format = 1
+        self.data = None
+        self.config = None
+        self.endian = endian
+        self.load()
+
+    def load(self):
+        try:
+            with open(self.path) as f:
+                self.config = yaml_safe_load(f)
+            format = self.config.get('format', 0)
+            if isinstance(format, str) and format.isdigit():
+                format = int(format)
+            if format != self.format:
+                raise click.UsageError(f"Unsupported manifest format: {format}")
+
+            # Encode manifest format
+            e = STRUCT_ENDIAN_DICT[self.endian]
+            self.data = struct.pack(e + 'I', format)
+
+            # Encode number of images/hashes
+            n_images = len(self.config.get('images', []))
+            self.data += struct.pack(e + 'I', n_images)
+
+            # Encode each image hash
+            exp_hash_len = None
+            for image in self.config.get('images', []):
+                if 'path' not in image and 'hash' not in image:
+                    raise click.UsageError(
+                        "Manifest image entry must contain either 'path' or 'hash'")
+
+                # Encode hash, based on the signed image path
+                if 'path' in image:
+                    (result, version, digest, _) = Image.verify(image['path'], None)
+                    if result != VerifyResult.OK:
+                        raise click.UsageError(f"Failed to verify image: {image['path']}")
+
+                    if exp_hash_len is None:
+                        exp_hash_len = len(digest)
+                    elif exp_hash_len != len(digest):
+                        raise click.UsageError("All image hashes must have the same length")
+                    self.data += struct.pack(e + f'{exp_hash_len}s', digest)
+
+                # Encode RAW image hash
+                if 'hash' in image:
+                    if exp_hash_len is None:
+                        exp_hash_len = len(bytes.fromhex(image['hash']))
+                    elif exp_hash_len != len(bytes.fromhex(image['hash'])):
+                        raise click.UsageError("All image hashes must have the same length")
+                    self.data += struct.pack(e + f'{exp_hash_len}s', bytes.fromhex(image['hash']))
+
+        except FileNotFoundError:
+            raise click.UsageError(f"Manifest file {self.path} not found") from None
+
+    def encode(self):
+        if self.data is None:
+            raise click.UsageError("Manifest data is empty")
+        return self.data
+
+    def __len__(self):
+        return len(self.data) if self.data is not None else 0
+
+    def __repr__(self):
+        return f"<Manifest path={self.path}, format={self.format}, len={len(self)}>"
 
 class Image:
 
@@ -291,7 +360,7 @@ def __init__(self, version=None, header_size=IMAGE_HEADER_SIZE,
                  overwrite_only=False, endian="little", load_addr=0,
                  rom_fixed=None, erased_val=None, save_enctlv=False,
                  security_counter=None, max_align=None,
-                 non_bootable=False, vid=None, cid=None):
+                 non_bootable=False, vid=None, cid=None, manifest=None):
 
         if load_addr and rom_fixed:
             raise click.UsageError("Can not set rom_fixed and load_addr at the same time")
@@ -323,6 +392,7 @@ def __init__(self, version=None, header_size=IMAGE_HEADER_SIZE,
         self.non_bootable = non_bootable
         self.vid = vid
         self.cid = cid
+        self.manifest = Manifest(endian=endian, path=manifest) if manifest is not None else None
 
         if self.max_align == DEFAULT_MAX_ALIGN:
             self.boot_magic = bytes([
@@ -352,7 +422,7 @@ def __repr__(self):
         return "<Image version={}, header_size={}, security_counter={}, \
                 base_addr={}, load_addr={}, align={}, slot_size={}, \
                 max_sectors={}, overwrite_only={}, endian={} format={}, \
-                payloadlen=0x{:x}, vid={}, cid={}>".format(
+                payloadlen=0x{:x}, vid={}, cid={}, manifest={}>".format(
                     self.version,
                     self.header_size,
                     self.security_counter,
@@ -366,7 +436,8 @@ def __repr__(self):
                     self.__class__.__name__,
                     len(self.payload),
                     self.vid,
-                    self.cid)
+                    self.cid,
+                    self.manifest)
 
     def load(self, path):
         """Load an image from a given file"""
@@ -556,6 +627,11 @@ def create(self, key, public_key_format, enckey, dependencies=None,
             #                                   = 4 + 16 = 20 Bytes
             protected_tlv_size += TLV_SIZE + 16
 
+        if self.manifest is not None:
+            # Size of the MANIFEST TLV: header ('HH') + payload (len(manifest))
+            #                                   = 4 + len(manifest) Bytes
+            protected_tlv_size += TLV_SIZE + len(self.manifest.encode())
+
         if sw_type is not None:
             if len(sw_type) > MAX_SW_TYPE_LENGTH:
                 msg = f"'{sw_type}' is too long ({len(sw_type)} characters) for sw_type. Its " \
@@ -671,6 +747,10 @@ def create(self, key, public_key_format, enckey, dependencies=None,
                 payload = struct.pack(e + '16s', cid)
                 prot_tlv.add('UUID_CID', payload)
 
+            if self.manifest is not None:
+                payload = self.manifest.encode()
+                prot_tlv.add('MANIFEST', payload)
+
             if custom_tlvs is not None:
                 for tag, value in custom_tlvs.items():
                     prot_tlv.add(tag, value)

scripts/imgtool/main.py

@@ -450,13 +450,15 @@ def convert(self, value, param, ctx):
               help='Unique vendor identifier, format: (<raw_uuid>|<domain_name)>')
 @click.option('--cid', default=None, required=False,
               help='Unique image class identifier, format: (<raw_uuid>|<image_class_name>)')
+@click.option('--manifest', default=None, required=False,
+              help='Path to the update manifest file')
 def sign(key, public_key_format, align, version, pad_sig, header_size,
          pad_header, slot_size, pad, confirm, test, max_sectors, overwrite_only,
          endian, encrypt_keylen, encrypt, compression, infile, outfile,
          dependencies, load_addr, hex_addr, erased_val, save_enctlv,
          security_counter, boot_record, custom_tlv, rom_fixed, max_align,
          clear, fix_sig, fix_sig_pubkey, sig_out, user_sha, hmac_sha, is_pure,
-         vector_to_sign, non_bootable, vid, cid):
+         vector_to_sign, non_bootable, vid, cid, manifest):
 
     if confirm or test:
         # Confirmed but non-padded images don't make much sense, because
@@ -469,7 +471,8 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
                       endian=endian, load_addr=load_addr, rom_fixed=rom_fixed,
                       erased_val=erased_val, save_enctlv=save_enctlv,
                       security_counter=security_counter, max_align=max_align,
-                      non_bootable=non_bootable, vid=vid, cid=cid)
+                      non_bootable=non_bootable, vid=vid, cid=cid,
+                      manifest=manifest)
     compression_tlvs = {}
     img.load(infile)
     key = load_key(key) if key else None
@@ -540,7 +543,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
                   load_addr=load_addr, rom_fixed=rom_fixed,
                   erased_val=erased_val, save_enctlv=save_enctlv,
                   security_counter=security_counter, max_align=max_align,
-                  vid=vid, cid=cid)
+                  vid=vid, cid=cid, manifest=manifest)
         compression_filters = [
             {"id": lzma.FILTER_LZMA2, "preset": comp_default_preset,
                 "dict_size": comp_default_dictsize, "lp": comp_default_lp,