mfg: Verify embedded images separately
Prior to this commit, the `"mfg".Mfg.VerifyManifest()` function
attempted to verify all of an mfg's embedded images. This resulted in a
clunky and unfriendly API:
* The caller was required to pass in a set of public signing keys and
private encryption keys.
* There was no way to verify the manifest without also checking the
embedded images. E.g., if the caller doesn't have access to encryption
keys, this function would fail even if the mfgimage is correct.
Now `VerifyManifest()` does not verify the embedded images. To verify
the embedded images, the caller should call `"mfg".Mfg.ExtractImages()`
and call the image verification functions on each image separately.
diff --git a/mfg/mfg.go b/mfg/mfg.go
index 2667003..b46fd4f 100644
--- a/mfg/mfg.go
+++ b/mfg/mfg.go
@@ -24,6 +24,8 @@
"github.com/apache/mynewt-artifact/errors"
"github.com/apache/mynewt-artifact/flash"
+ "github.com/apache/mynewt-artifact/image"
+ "github.com/apache/mynewt-artifact/manifest"
)
const MFG_BIN_IMG_FILENAME = "mfgimg.bin"
@@ -210,3 +212,42 @@
return m.Meta.Tlvs
}
}
+
+func (m *Mfg) extractImage(area flash.FlashArea, eraseVal byte) (image.Image, error) {
+ bin, err := m.ExtractFlashArea(area, eraseVal)
+ if err != nil {
+ return image.Image{}, err
+ }
+
+ img, err := image.ParseImage(bin)
+ if err != nil {
+ return image.Image{}, errors.Wrapf(err,
+ "failed to extract image from mfgimage; area=\"%s\"", area.Name)
+ }
+
+ return img, nil
+}
+
+// Constructs the set of images embedded in an mfgimage.
+func (m *Mfg) ExtractImages(man manifest.MfgManifest) ([]image.Image, error) {
+ var imgs []image.Image
+ for _, t := range man.Targets {
+ fa := man.FindFlashAreaDevOff(man.Device, t.Offset)
+ if fa == nil {
+ return nil, errors.Errorf(
+ "no flash area in mfgimage corresponding to target \"%s\"",
+ t.Name)
+ }
+
+ if !t.IsBoot() {
+ img, err := m.extractImage(*fa, man.EraseVal)
+ if err != nil {
+ return nil, err
+ }
+
+ imgs = append(imgs, img)
+ }
+ }
+
+ return imgs, nil
+}
diff --git a/mfg/verify.go b/mfg/verify.go
index cff0a79..5d660d1 100644
--- a/mfg/verify.go
+++ b/mfg/verify.go
@@ -25,7 +25,6 @@
"github.com/apache/mynewt-artifact/errors"
"github.com/apache/mynewt-artifact/flash"
- "github.com/apache/mynewt-artifact/image"
"github.com/apache/mynewt-artifact/manifest"
"github.com/apache/mynewt-artifact/sec"
)
@@ -123,37 +122,6 @@
return nil
}
-func (m *Mfg) validateManTargets(man manifest.MfgManifest) error {
- for _, t := range man.Targets {
- fa := man.FindFlashAreaDevOff(man.Device, t.Offset)
- if fa == nil {
- return errors.Errorf(
- "no flash area in mfgimage corresponding to target \"%s\"",
- t.Name)
- }
-
- data, err := m.ExtractFlashArea(*fa, man.EraseVal)
- if err != nil {
- return err
- }
-
- if !t.IsBoot() {
- img, err := image.ParseImage(data)
- if err != nil {
- return errors.Wrapf(err,
- "error parsing build \"%s\" embedded in mfgimage", t.Name)
- }
-
- if err := img.VerifyStructure(); err != nil {
- return errors.Wrapf(err,
- "mfgimage contains invalid build \"%s\"", t.Name)
- }
- }
- }
-
- return nil
-}
-
// VerifyStructure checks an mfgimage's structure and internal consistency. It
// returns an error if the mfgimage is incorrect.
func (m *Mfg) VerifyStructure(eraseVal byte) error {
@@ -213,9 +181,13 @@
return err
}
- // Verify each embedded build.
- if err := m.validateManTargets(man); err != nil {
- return err
+ // Make sure each target is fully present.
+ for _, t := range man.Targets {
+ if man.FindFlashAreaDevOff(man.Device, t.Offset) == nil {
+ return errors.Errorf(
+ "no flash area in mfgimage corresponding to target \"%s\"",
+ t.Name)
+ }
}
return nil
