Add an entry point when signing Arm images (#163)

Reads the entry point and stack pointer from the vector table
raspberrypi · Nov 21, 2024 · 081a386 · 081a386
1 parent fb85aca
commit 081a386
Showing 1 changed file with 56 additions and 0 deletions.
diff --git a/main.cpp b/main.cpp
@@ -4607,6 +4607,41 @@ void sign_guts_elf(elf_file* elf, private_t private_key, public_t public_key) {
         new_block.items.push_back(version);
     }
 
+    // Add entry point when signing Arm images
+    std::shared_ptr<image_type_item> image_type = new_block.get_item<image_type_item>();
+    if (settings.seal.sign && image_type != nullptr && image_type->image_type() == type_exe && image_type->cpu() == cpu_arm) {
+        std::shared_ptr<entry_point_item> entry_point = new_block.get_item<entry_point_item>();
+        if (entry_point == nullptr) {
+            std::shared_ptr<vector_table_item> vtor = new_block.get_item<vector_table_item>();
+            uint32_t vtor_loc = 0x10000000;
+            if (vtor != nullptr) {
+                vtor_loc = vtor->addr;
+            } else {
+                if (elf->header().entry >= SRAM_START) {
+                    vtor_loc = 0x20000000;
+                } else if (elf->header().entry >= XIP_SRAM_START_RP2350) {
+                    vtor_loc = 0x13ffc000;
+                } else {
+                    vtor_loc = 0x10000000;
+                    std::shared_ptr<rolling_window_delta_item> rwd = new_block.get_item<rolling_window_delta_item>();
+                    if (rwd != nullptr) {
+                        vtor_loc += rwd->addr;
+                    }
+                }
+            }
+            auto segment = elf->segment_from_physical_address(vtor_loc);
+            auto content = elf->content(*segment);
+            auto offset = vtor_loc - segment->physical_address();
+            uint32_t ep;
+            memcpy(&ep, content.data() + offset + 4, sizeof(ep));
+            uint32_t sp;
+            memcpy(&sp, content.data() + offset, sizeof(sp));
+            DEBUG_LOG("Adding entry_point_item: ep %08x, sp %08x\n", ep, sp);
+            entry_point = std::make_shared<entry_point_item>(ep, sp);
+            new_block.items.push_back(entry_point);
+        }
+    }
+
     hash_andor_sign(
         elf, &new_block, public_key, private_key,
         settings.seal.hash, settings.seal.sign,
@@ -4643,6 +4678,27 @@ vector<uint8_t> sign_guts_bin(iostream_memory_access in, private_t private_key,
         new_block.items.push_back(version);
     }
 
+    // Add entry point when signing Arm images
+    std::shared_ptr<image_type_item> image_type = new_block.get_item<image_type_item>();
+    if (settings.seal.sign && image_type != nullptr && image_type->image_type() == type_exe && image_type->cpu() == cpu_arm) {
+        std::shared_ptr<entry_point_item> entry_point = new_block.get_item<entry_point_item>();
+        if (entry_point == nullptr) {
+            std::shared_ptr<vector_table_item> vtor = new_block.get_item<vector_table_item>();
+            uint32_t vtor_loc = bin_start;
+            if (vtor != nullptr) {
+                vtor_loc = vtor->addr;
+            }
+            auto offset = vtor_loc - bin_start;
+            uint32_t ep;
+            memcpy(&ep, bin.data() + offset + 4, sizeof(ep));
+            uint32_t sp;
+            memcpy(&sp, bin.data() + offset, sizeof(sp));
+            DEBUG_LOG("Adding entry_point_item: ep %08x, sp %08x\n", ep, sp);
+            entry_point = std::make_shared<entry_point_item>(ep, sp);
+            new_block.items.push_back(entry_point);
+        }
+    }
+
     auto sig_data = hash_andor_sign(
         bin, bin_start, bin_start,
         &new_block, public_key, private_key,