Closed RanderWang closed 3 years ago
Would it not be better to just bypass the signing code (and hence the hashing and signing content will be 0).
you mean we bypass signing code when building FW ? we don't need to do it since we build a FW without any signature then add signature by rimage. But this is not fit for marc. This is his email: " I'm not sure you understand the build reproducibility idea. The idea is that for instance Curtis from Google does not trust the releases in sof-bin because he suspects they have been tampered with for some reason. This type of "supply chain" attack is more and more common. On the other hand, Curtis trusts the SOF sources because he has been scanning and monitoring them very closely. So he tries to rebuild the release himself and wants to compare it to the release in sof-bin. However the signature is now randomized with a salt, so the .ri files are always different even when their content is actually the same. "Un-rimaging" solves that problem, hence my question below.
Marc
PS: I'm also using build reproducibility locally to make sure some code changes don't affect the compiler output, that's super convenient because it means I don't need to run any test when I make such a change. In my workspace I have hardcoded the rimage date and salt but I obviously cannot submit that. "
@marc-hb do you have any comments to me and Liam ?
Manifest already includes reproducible hashes of the content. Lets use them.
Different approach in https://github.com/thesofproject/sof/pull/4889
CI has a requirment to compare fw content without any signature to check whether there is no change between two fw binaries. This patch will strip signature in signed fw and store it to nosig + fw name.
please check https://github.com/thesofproject/rimage/issues/41
tested on APL & TGL