Add support for extra security bit (#273)
* Add support for extra_security bits
* Only print in info -m
diff --git a/bintool/metadata.h b/bintool/metadata.h
index 76aed8b..306f1f2 100644
--- a/bintool/metadata.h
+++ b/bintool/metadata.h
@@ -16,6 +16,12 @@
#define DEBUG_LOG(...) ((void)0)
#endif
+// Support for SDK 2.1.0 & SDK 2.1.1 -----
+#ifndef PICOBIN_IMAGE_TYPE_EXE_EXTRA_SECURITY_BITS
+#define PICOBIN_IMAGE_TYPE_EXE_EXTRA_SECURITY_BITS _u(0x0800)
+#endif
+// ------
+
struct item;
template<typename InputIterator> std::vector<uint32_t> lsb_bytes_to_words(InputIterator begin, InputIterator end) {
@@ -176,6 +182,7 @@
image_type_exe_cpu cpu() const { return static_cast<image_type_exe_cpu>((flags & PICOBIN_IMAGE_TYPE_EXE_CPU_BITS) >> PICOBIN_IMAGE_TYPE_EXE_CPU_LSB); }
image_type_exe_chip chip() const { return static_cast<image_type_exe_chip>((flags & PICOBIN_IMAGE_TYPE_EXE_CHIP_BITS) >> PICOBIN_IMAGE_TYPE_EXE_CHIP_LSB); }
bool tbyb() const { return flags & PICOBIN_IMAGE_TYPE_EXE_TBYB_BITS; }
+ bool extra_security() const { return flags & PICOBIN_IMAGE_TYPE_EXE_EXTRA_SECURITY_BITS; }
uint16_t flags;
};
diff --git a/main.cpp b/main.cpp
index 053b9c4..0ed9803 100644
--- a/main.cpp
+++ b/main.cpp
@@ -3369,6 +3369,10 @@
if (image_def->tbyb()) {
info_pair("tbyb", "not bought");
}
+
+ if (verbose_metadata) {
+ info_pair("extra security", image_def->extra_security() ? "enabled" : "not enabled");
+ }
}
// Partition Table
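Review bot: `extra_security()` is printed for whatever `image_def` is in scope at the new `if (verbose_metadata)` block, but the accessor added in metadata.h only masks `flags` with the EXE-specific bit and never looks at the image type. If this code can be reached for non-EXE image definitions (the enclosing branch starts outside the hunk), the line would report a bit that may have no defined meaning for that type. Adding a type test like the `image_type() == type_exe` check used in the signing path to the condition would keep the output meaningful.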
@@ -5086,9 +5090,11 @@
new_block.items.push_back(version);
}
- // Add entry point when signing Arm images
+ // Add entry point and vector table when signing Arm images, and set PICOBIN_IMAGE_TYPE_EXE_EXTRA_SECURITY_BITS
std::shared_ptr<image_type_item> image_type = new_block.get_item<image_type_item>();
if (settings.seal.sign && image_type != nullptr && image_type->image_type() == type_exe && image_type->cpu() == cpu_arm) {
+ // Set PICOBIN_IMAGE_TYPE_EXE_EXTRA_SECURITY_BITS
+ image_type->flags |= PICOBIN_IMAGE_TYPE_EXE_EXTRA_SECURITY_BITS;
std::shared_ptr<entry_point_item> entry_point = new_block.get_item<entry_point_item>();
if (entry_point == nullptr) {
std::shared_ptr<vector_table_item> vtor = new_block.get_item<vector_table_item>();
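Review bot: The extra-security bit is set by `image_type->flags |= PICOBIN_IMAGE_TYPE_EXE_EXTRA_SECURITY_BITS;` before the `entry_point == nullptr` test, while the new `vector_table_item` is created only inside that test. A block that already carries an entry point item but no vector table item would therefore be signed with the bit set and no vector table, which does not match the updated comment ("Add entry point and vector table ..."). If the bit is meant to imply both items are present, hoist the vector-table creation out of the entry-point branch; otherwise add a comment stating that an existing entry point alone is sufficient. The same ordering appears in the `@@ -5167` hunk, and the two paths are near-identical, so a shared helper would keep them from drifting. The enclosing function starts and ends outside this hunk.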
@@ -5107,6 +5113,9 @@
vtor_loc += rwd->addr;
}
}
+
+ vtor = std::make_shared<vector_table_item>(vtor_loc);
+ new_block.items.push_back(vtor);
}
auto segment = elf->segment_from_virtual_address(vtor_loc);
if (segment == nullptr) {
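Review bot: The new `vector_table_item` is pushed into `new_block.items` before `vtor_loc` is checked by `elf->segment_from_virtual_address(vtor_loc)` on the lines that follow. If the `segment == nullptr` path aborts the operation this is harmless, but that handling is outside the hunk. Creating and pushing the item only after the segment lookup succeeds would keep an unvalidated address out of a block that is about to be signed. The branch the added lines sit in also opens outside the hunk, so a short comment such as `// No vector table item in the block: record the address derived above` would help readers.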
@@ -5167,15 +5176,20 @@
new_block.items.push_back(version);
}
- // Add entry point when signing Arm images
+ // Add entry point and vector table when signing Arm images, and set PICOBIN_IMAGE_TYPE_EXE_EXTRA_SECURITY_BITS
std::shared_ptr<image_type_item> image_type = new_block.get_item<image_type_item>();
if (settings.seal.sign && image_type != nullptr && image_type->image_type() == type_exe && image_type->cpu() == cpu_arm) {
+ // Set PICOBIN_IMAGE_TYPE_EXE_EXTRA_SECURITY_BITS
+ image_type->flags |= PICOBIN_IMAGE_TYPE_EXE_EXTRA_SECURITY_BITS;
std::shared_ptr<entry_point_item> entry_point = new_block.get_item<entry_point_item>();
if (entry_point == nullptr) {
std::shared_ptr<vector_table_item> vtor = new_block.get_item<vector_table_item>();
uint32_t vtor_loc = bin_start;
if (vtor != nullptr) {
vtor_loc = vtor->addr;
+ } else {
+ vtor = std::make_shared<vector_table_item>(vtor_loc);
+ new_block.items.push_back(vtor);
}
auto offset = vtor_loc - bin_start;
uint32_t ep;
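Review bot: The new `else` branch records `bin_start` as the vector table address without checking that a vector table is actually located there. Before this change the default was only a local used to locate the entry point; now it is written into the block that gets signed. A comment on the branch, e.g. `// No vector table item: assume the table is at the start of the binary`, would make that assumption explicit for anyone auditing what the signature covers. The enclosing function continues past the end of the hunk.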