Add verify command for lpc55 #21
Conversation
hubtools/src/lib.rs
Outdated
| pub fn verify( | ||
| &mut self, | ||
| src_cmpa: PathBuf, | ||
| src_cfpa: PathBuf, |
There was a problem hiding this comment.
API nit - I think these should probably be either &[u8] or even [u8; 512]. In the wicket case we will have fetched these via MGS and have them in memory already, right? If we make them [u8; 512] we can also ditch the new "bad length" error variants, since we force the callers to size them correctly.
hubtools/src/lib.rs
Outdated
|
|
||
| lpc55_sign::verify::log_verify_only_on_failure(); | ||
| lpc55_sign::verify::verify_image(&self.image.data, cmpa, cfpa) | ||
| .map_err(|e| Error::Lpc55(e))?; |
There was a problem hiding this comment.
How much information do we get back from this e? Looking at the output from your run:
[ERROR lpc55_sign::verify] ROTKH in CMPA does not match RKH table in image
Error: LPC55 support error: verification failed; see log for details
Caused by:
verification failed; see log for details
I think we'd really like the ROTKH in CMPA does not match RKH table in image message to be in the error and not just the log (where does that log end up if I'm using this as a library from a running service?), although this looks like an issue in lpc55_sign and not this PR.
There was a problem hiding this comment.
We only get a yes/no answer right now from verify. I was debating switching verify to have proper error type and I think your point about running this as a service is a good argument for cleaning that up.
There was a problem hiding this comment.
I fixed up the verify_image function to return a proper error
Verify that a particular binary will work with a specified CMPA/CFPA combination
Verify that a particular binary will work with a specified CMPA/CFPA combination