diff --git a/.github/workflows/reproducible.yml b/.github/workflows/reproducible.yml
index 44f816c24db0f4e9378a2bd3c237196bc2e59833..16a95b2b93eb9566e59da15795a7a1e8324087e1 100644
--- a/.github/workflows/reproducible.yml
+++ b/.github/workflows/reproducible.yml
@@ -36,5 +36,7 @@ jobs:
 name: reproduced-${{ matrix.os }}
 path: reproducible/reproduced.tar
+ - name: Comparing binary sizes
+ run: git diff --no-index reproducible/reference_elf2tab_${{ matrix.os }}.txt reproducible/elf2tab.txt
 - name: Comparing cryptographic hashes
 run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum
diff --git a/.gitignore b/.gitignore
index 239f05a75a3154ed87d3f292a51d1309cb4fadc0..626f9ddc653869b6ce27a341bcdbb50b8d19c9f2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,8 @@ Cargo.lock
 # Prevent people from commiting sensitive files.
 crypto_data/
+
+# Temporary files.
+reproducible/binaries.sha256sum
+reproducible/elf2tab.txt
+reproducible/reproduced.tar
diff --git a/deploy.py b/deploy.py
index 38be4977683b4c8c147cd2b07d92bd253b540d48..d9661c0906d9e38a2c4373b040569c9835b04cd7 100755
--- a/deploy.py
+++ b/deploy.py
@@ -428,7 +428,11 @@ class OpenSKInstaller:
 "--stack={}".format(STACK_SIZE), "--app-heap={}".format(APP_HEAP_SIZE), "--kernel-heap=1024", "--protected-region-size=64" ])
- self.checked_command(elf2tab_args)
+ if self.args.elf2tab_output:
+ output = self.checked_command_output(elf2tab_args)
+ self.args.elf2tab_output.write(output)
+ else:
+ self.checked_command(elf2tab_args)
 def install_tab_file(self, tab_filename):
 assert self.args.application
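Review bot: A mismatch in the new `Comparing binary sizes` step hides the hash comparison, because `git diff --no-index` exits non-zero when the two files differ and the following `Comparing cryptographic hashes` step is then skipped. The hash diff is the actual integrity signal for the reproducible build, while the elf2tab text is only diagnostic, so a failing run should still print it. I would add `if: always()` to the hash step so both diffs appear in the log. The job definition and its earlier steps are outside the hunk, so this assumes no `continue-on-error` is set there.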
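Review bot: The file object written in the new `if self.args.elf2tab_output:` branch comes from `type=argparse.FileType("a")` in the second deploy.py hunk, so it is opened while arguments are parsed (even on runs that never reach elf2tab) and is never flushed or closed here. reproduce_board.sh appends its own header lines to the same file with `>>`, so the ordering of the compared text depends on this buffer being written out at interpreter exit; I would add `self.args.elf2tab_output.flush()` right after the `write(output)` call, or accept a path and open it with `with open(path, "a")` at this point. The write also assumes `checked_command_output` returns `str` rather than `bytes`; its definition and the start of the enclosing method are outside the hunk, so that should be confirmed.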
@@ -861,6 +865,15 @@ if __name__ == "__main__":
 "storage (i.e. unplugging the key will reset the key)."),
 )
+ main_parser.add_argument(
+ "--elf2tab-output",
+ metavar="FILE",
+ type=argparse.FileType("a"),
+ dest="elf2tab_output",
+ default=None,
+ help=("When set, the output of elf2tab is appended to this file."),
+ )
+
 apps_group = main_parser.add_mutually_exclusive_group(required=True)
 apps_group.add_argument(
 "--no-app",
diff --git a/reproduce_board.sh b/reproduce_board.sh
index 19730e8f83b5f5cf082bfb8d8c86b7ea30909ccb..d978c98130c0029ef596c935afc9d484c218fc36 100755
--- a/reproduce_board.sh
+++ b/reproduce_board.sh
@@ -16,10 +16,14 @@ set -ex
 echo "Board: $BOARD"
+echo "========================================" >> reproducible/elf2tab.txt
+echo "Board: $BOARD" >> reproducible/elf2tab.txt
+echo "----------------------------------------" >> reproducible/elf2tab.txt
+
 ./deploy.py --verbose-build --board=$BOARD --no-app --programmer=none
 ./third_party/tock/tools/sha256sum/target/debug/sha256sum third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin >> reproducible/binaries.sha256sum
 tar -rvf reproducible/reproduced.tar third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin
-./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none
+./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none --elf2tab-output=reproducible/elf2tab.txt
 ./third_party/tock/tools/sha256sum/target/debug/sha256sum target/${BOARD}_merged.hex >> reproducible/binaries.sha256sum
 tar -rvf reproducible/reproduced.tar target/${BOARD}_merged.hex
diff --git a/reproduce_hashes.sh b/reproduce_hashes.sh
index 9480472bb6aabbd6745ce272915ec2dd876cabcd..d30a9bd86496a4c8d873363a14f2f62ebe9564ed 100755
--- a/reproduce_hashes.sh
+++ b/reproduce_hashes.sh
@@ -16,6 +16,7 @@ set -ex
 rm -f reproducible/binaries.sha256sum
+rm -f reproducible/elf2tab.txt
 echo "Creating reproducible/reproduced.tar"
 touch empty_file
diff --git a/reproducible/reference_elf2tab_macos-10.15.txt b/reproducible/reference_elf2tab_macos-10.15.txt new file mode 100644 index 0000000000000000000000000000000000000000..94273d954f74f6e5608738d2b5ca44ab69e7246f --- /dev/null +++ b/reproducible/reference_elf2tab_macos-10.15.txt 
@@ -0,0 +1,76 @@ +======================================== +Board: nrf52840dk +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. + Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_dongle +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. + Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_dongle_dfu +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. + Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. 
+TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_mdk_dfu +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes. + Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 diff --git a/reproducible/reference_elf2tab_ubuntu-18.04.txt b/reproducible/reference_elf2tab_ubuntu-18.04.txt new file mode 100644 index 0000000000000000000000000000000000000000..fd00e1663cf7013d39f3fcc74040fa1b77f87044 --- /dev/null +++ b/reproducible/reference_elf2tab_ubuntu-18.04.txt 
@@ -0,0 +1,76 @@ +======================================== +Board: nrf52840dk +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. + Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_dongle +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. + Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_dongle_dfu +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. + Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. 
+TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0 +======================================== +Board: nrf52840_mdk_dfu +---------------------------------------- +Min RAM size from sections in ELF: 16 bytes +Number of writeable flash regions: 0 + Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes. +Entry point is in .text section + Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes. + Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes. +Searching for .rel.X sections to add. +TBF Header: + version: 2 0x2 + header_size: 44 0x2C + total_size: 262144 0x40000 + flags: 1 0x1 + + init_fn_offset: 85 0x55 + protected_size: 20 0x14 + minimum_ram_size: 107424 0x1A3A0