cr50: add plumbing for signing CR50 RO images

The signer utility needs to be built and the flat image needs to be
signed. The signer utility is written in C++, supporting this required
adding a new make command to Makefile.rules and a build file for the
utility.

The signing now needs to be a part of generating the .flat file. To
achieve this an alternative set of rules is defined in Makfile.rules
for targets where RO image needs to be signed.

Rules for converting elf to hex have been consolidated as there is no
need to omit the --set-section-flags when it does not apply.

BRANCH=none
BUG=chrome-os-partner:43025
TEST=as follows:
    - ran 'rm build/cr50; make BOARD=cr50'
    - observed that both build/cr50/ec.bin and
      build/cr50/RO/ec.RO.flat have the required signature header in
      the first 1024 bytes.
   - verified that the cr50 board can be booted over SPI using the
     image in build/cr50/RO/ec.RO.flat

Change-Id: Iacc22561de67fadfaf8e049bf9578cbd08cfad86
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/295291
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Aseda Aboagye <aaboagye@chromium.org>

Makefile

@@ -131,6 +131,7 @@ include power/build.mk
 include test/build.mk
 include util/build.mk
 include util/lock/build.mk
+include util/signer/build.mk
 
 includes+=$(includes-y)
 

Makefile.rules

@@ -42,10 +42,11 @@ cmd_lds = $(CPP) -P -C -MMD -MF $@.d -MT $@ $(CPPFLAGS) \
 cmd_obj_to_bin ?= $(OBJCOPY) --gap-fill=0xff -O binary $^ $(out)/$*.bin.tmp
 cmd_flat_to_obj = $(CC) -T $(out)/firmware_image.lds -nostdlib $(CPPFLAGS) \
                   -Wl,--build-id=none -o $@ $<
-cmd_elf_to_flat = $(OBJCOPY) -O binary $(patsubst %.flat,%.elf,$@) $@
 # Allow the .roshared section to overlap other sections (itself)
 cmd_ec_elf_to_flat ?= $(OBJCOPY) --set-section-flags .roshared=share \
-			-O binary $(patsubst %.flat,%.elf,$@) $@
+				-O binary $< $@
+cmd_raw_to_flat ?= $(out)/util/signer util/signer/rom-testkey.pem $< \
+	&& mv $<.signed $@
 cmd_elf_to_dis = $(OBJDUMP) -D $< > $@
 cmd_elf_to_hex = $(OBJCOPY) -O ihex $< $@
 cmd_bin_to_hex = $(OBJCOPY) -I binary -O ihex \
@@ -61,6 +62,8 @@ cmd_c_to_build = $(BUILDCC) $(BUILD_CFLAGS) \
 	         -MMD -MF $@.d -o $@
 cmd_c_to_host = $(HOSTCC) $(HOST_CFLAGS) -MMD -MF $@.d  -o $@ \
 	         $(sort $(foreach c,$($(*F)-objs),util/$(c:%.o=%.c)) $*.c)
+cmd_cxx_to_host = $(HOSTCXX) -std=c++0x $(COMMON_WARN) \
+	-I ./$($(notdir $@)_ROOT) -o $@ $(filter %.cc,$^) $($(notdir $@)_LIBS)
 cmd_host_test = ./util/run_host_test $* $(silent)
 cmd_date = $(if $(USE_GIT_DATE),cat /dev/null,./util/getdate.sh) > $@
 cmd_version = ./util/getversion.sh > $@
@@ -190,19 +193,27 @@ $(out)/$(PROJECT).obj: common/firmware_image.S $(out)/firmware_image.lds \
 $(out)/%.dis: $(out)/%.elf
 	$(call quiet,elf_to_dis,OBJDUMP)
 
-$(out)/%.flat: $(out)/%.elf $(out)/%.smap
-	$(call quiet,elf_to_flat,OBJCOPY)
-
-$(out)/RW/ec.RW.flat: $(out)/RW/ec.RW.elf $(out)/RW/ec.RW.smap
-	$(call quiet,ec_elf_to_flat,OBJCOPY)
-$(out)/RO/ec.RO.flat: $(out)/RO/ec.RO.elf $(out)/RO/ec.RO.smap
-	$(call quiet,ec_elf_to_flat,OBJCOPY)
-
 $(out)/RW/%.hex: $(out)/RW/%.elf $(out)/RW/%.smap
 	$(call quiet,elf_to_hex,OBJCOPY)
+
+ifeq ($(SIGNED_RO_IMAGE),)
+$(out)/%.flat: $(out)/%.elf $(out)/%.smap
+	$(call quiet,ec_elf_to_flat,OBJCOPY)
+
 $(out)/RO/%.hex: $(out)/RO/%.elf $(out)/RO/%.smap
 	$(call quiet,elf_to_hex,OBJCOPY)
+else
+$(out)/RW/ec.RW.flat: $(out)/RW/ec.RW.elf
+	$(call quiet,ec_elf_to_flat,OBJCOPY)
+$(out)/RO/ec.RO.flat.raw: $(out)/RO/ec.RO.elf $(out)/RO/ec.RO.smap
+	$(call quiet,ec_elf_to_flat,OBJCOPY)
 
+$(out)/RO/ec.RO.flat: $(out)/RO/ec.RO.flat.raw
+	$(call quiet,raw_to_flat,RO_SIGN)
+
+$(out)/RO/%.hex: $(out)/RO/%.flat
+	$(call quiet,bin_to_hex,OBJCOPY)
+endif
 $(out)/$(PROJECT).hex: $(out)/$(PROJECT).bin
 	$(call quiet,bin_to_hex,OBJCOPY)
 

Makefile.toolchain

@@ -18,11 +18,14 @@ OBJDUMP=$(CROSS_COMPILE)objdump
 PKG_CONFIG?=pkg-config
 BUILDCC?=gcc
 HOSTCC?=$(HOST_CROSS_COMPILE)gcc
+HOSTCXX?=$(HOST_CROSS_COMPILE)g++
 
-CFLAGS_WARN=-Wall -Werror -Wundef -Wstrict-prototypes -Wno-trigraphs      \
-            -fno-strict-aliasing -fno-common                              \
-            -Werror-implicit-function-declaration -Wno-format-security    \
-            -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow
+C_WARN = -Wstrict-prototypes -Wdeclaration-after-statement -Wno-pointer-sign
+COMMON_WARN = -Wall -Werror -Wundef -Wno-trigraphs -fno-strict-aliasing \
+	-fno-common -Werror-implicit-function-declaration \
+	-Wno-format-security -fno-strict-overflow
+CFLAGS_WARN = $(COMMON_WARN) $(C_WARN)
+CXXFLAGS_WARN = $(COMMON_WARN)
 CFLAGS_DEBUG= -g
 CFLAGS_INCLUDE=$(foreach i,$(includes),-I$(i) ) -I.
 CFLAGS_TEST=$(if $(TEST_BUILD),-DTEST_BUILD \

chip/g/build.mk

@@ -4,6 +4,8 @@
 # found in the LICENSE file.
 #
 
+SIGNED_RO_IMAGE = 1
+
 CORE:=cortex-m
 CFLAGS_CPU+=-march=armv7-m -mcpu=cortex-m3
 
@@ -33,3 +35,7 @@ chip-$(CONFIG_USB_CONSOLE)+=usb_console.o
 chip-$(CONFIG_USB_HID)+=usb_hid.o
 # TODO(wfrichar): Document this (and all other CONFIG_USB_*) in config.h
 chip-$(CONFIG_USB_BLOB)+=usb_blob.o
+
+$(out)/RO/ec.RO.flat: $(out)/util/signer
+
+$(out)/RO/ec.RO.hex: $(out)/RO/ec.RO.flat

util/signer/build.mk

@@ -0,0 +1,16 @@
+# -*- makefile -*-
+# Copyright 2015 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+#
+# Lock library
+#
+
+signer_LIBS := -lcrypto
+signer_ROOT := util/signer
+SIGNER_DEPS := $(addprefix $(signer_ROOT)/, codesigner.cc \
+	publickey.cc publickey.h signed_header.h)
+
+$(out)/util/signer: $(SIGNER_DEPS)
+	$(call quiet,cxx_to_host,HOSTCXX)
+