From nobody Thu Apr 30 00:39:00 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass header.i=jan.kiszka@siemens.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; t=1776232622; cv=none; d=zohomail.com; s=zohoarc; b=GZoSAUw+W0Qxisu69kCOZP5ZvZbdTgVEAxaga0gKqf0MDE2yvRj2+i7KCpiJuxgKDD8PkCXJ+B/3a4IVnjt/XZden2+QsC8wIBbvoqdv728AffJF6di/AnSP00QP59luVfsScfl28VfjhvkwKjfaVWHsl/+Lqcuoa3c4QVR6Xcw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1776232622; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ljlMNRxDeYe3LJA5qlN/A4oHLI+j+bfEkm76penXCXI=; b=hz9Cg1HvkdLlyQizqj9uii2a8VFnLgi93+ZJEyBY/8ZE3zRofAnZnBc5h3wDK8lmS3RFUDp0DMcz0KCdQRMRSUINhAQbksdHJdWCAl748l9P90ZbStJ9MI/7JT9qHb3uAGwaWXYxZTCJ/iwFEeje6qtPigEY932lSjjjK1UOhhE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=jan.kiszka@siemens.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1776232622284307.74282386931225; Tue, 14 Apr 2026 22:57:02 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wCtEb-0007Gi-8m; Wed, 15 Apr 2026 01:56:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wCtEY-0007FO-4p for qemu-devel@nongnu.org; Wed, 15 Apr 2026 01:56:18 -0400 Received: from mta-65-225.siemens.flowmailer.net ([185.136.65.225]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wCtEW-000507-0o for qemu-devel@nongnu.org; Wed, 15 Apr 2026 01:56:17 -0400 Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id 2026041505460849760da85e000207cb for ; Wed, 15 Apr 2026 07:46:08 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2; d=siemens.com; i=jan.kiszka@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=ljlMNRxDeYe3LJA5qlN/A4oHLI+j+bfEkm76penXCXI=; b=ZY5x6augZl5yoNpVC6gEv3o+A2o9HVXu1K57XDFY1vTSNYG350Ufz3RxTDKeHYX8+N2L9e 897KwQ3g9ow5AqsczW5JHvOBnWEWkwMWcPkjbcEqOOMwgWr/SFvwtexuxD3fxiawKtxf7ChJ 4kZqGsbatEXsmQ/Zhwy1yzbF5OOm3BDQ1cLaLvVyCNNwVy6A9omaO+fteqMbpinRz87OtoxL sntRWl4OFmqgq/dVV+UpZikYWw97o5OTFB3dIchYZx3KblMq4giS5+MxmXTtm8ry3zIid0r0 I8Pbh7YayTh5+Koxy04SfdpzLDU/HrxR73KkirdpMwsam/D0EXKlVxeQ==; From: Jan Kiszka To: qemu-devel Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Bin Meng , qemu-block@nongnu.org, Ilias Apalodimas , =?UTF-8?q?Alex=20Benn=C3=A9e?= , =?UTF-8?q?Jan=20L=C3=BCbbe?= , Jerome Forissier , Jens Wiklander Subject: [PATCH 1/2] scripts: mkemmc.sh: Fix output pollution on missing images Date: Wed, 15 Apr 2026 07:46:06 +0200 Message-ID: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=185.136.65.225; envelope-from=fm-294854-2026041505460849760da85e000207cb-5jPIr4@rts-flowmailer.siemens.com; helo=mta-65-225.siemens.flowmailer.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity jan.kiszka@siemens.com) X-ZM-MESSAGEID: 1776232625008158500 Content-Type: text/plain; charset="utf-8" From: Jan Kiszka Reorder the redirections so that the 2>/dev/null can actually take effect. Signed-off-by: Jan Kiszka Reviewed-by: Jerome Forissier Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- scripts/mkemmc.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/mkemmc.sh b/scripts/mkemmc.sh index 429388213c..3d8546cdaa 100755 --- a/scripts/mkemmc.sh +++ b/scripts/mkemmc.sh @@ -40,7 +40,7 @@ process_size() { alignment=3D$3 image_arg=3D$4 if [ "${image_arg#*:}" =3D "$image_arg" ]; then - if ! size=3D$(wc -c < "$image_file" 2>/dev/null); then + if ! size=3D$(wc -c 2>/dev/null < "$image_file"); then echo "Missing $name image '$image_file'." >&2 exit 1 fi @@ -102,7 +102,7 @@ check_truncation() { if [ "$image_file" =3D "/dev/zero" ]; then return fi - if ! actual_size=3D$(wc -c < "$image_file" 2>/dev/null); then + if ! actual_size=3D$(wc -c 2>/dev/null < "$image_file"); then echo "Missing image '$image_file'." >&2 exit 1 fi --=20 2.47.3 From nobody Thu Apr 30 00:39:00 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass header.i=jan.kiszka@siemens.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; t=1776232641; cv=none; d=zohomail.com; s=zohoarc; b=U7b+4ebwlpZd/rYZftQr3925pUn90q/vqowdiwVWiFqF/mz7Ce2IfyUJnf1I5K4DJ8GRbaXkugrke08rZxftbTE9W1/qnb6m9mB7BlYfgAi3PgGaPTVggYzW+VgstWtlFtMyM4BK9rdNvNiZkIdqgmfn+Xn/lm3Lzt5vHnQyTa0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1776232641; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=VIy4BuoOYDrOsEWURNMpXvgUEQxseoHsEGpeQhJpWqM=; b=BW7pT69roYVWOYmOfQNUGbzGGZUYWBHvJRrhLRd9tSY6OmjB9CqfTDZy07jkRt2fJuIe+SBoNKCD9rfMlX+HdkrtTUHyMRur5Ppjg1sZq7zkXXmeq12UwUM7Lozv5dN/lfDGtc5H69ad/p+5BJz8unYseGNFJTkaoHyGeAsR6O8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=jan.kiszka@siemens.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1776232641797610.7532531392266; Tue, 14 Apr 2026 22:57:21 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists1p.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1wCtEa-0007Fy-6Y; Wed, 15 Apr 2026 01:56:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wCtEY-0007FP-9X for qemu-devel@nongnu.org; Wed, 15 Apr 2026 01:56:18 -0400 Received: from mta-65-226.siemens.flowmailer.net ([185.136.65.226]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1wCtEV-000506-VM for qemu-devel@nongnu.org; Wed, 15 Apr 2026 01:56:18 -0400 Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 2026041505460989a3cfb7970002079b for ; Wed, 15 Apr 2026 07:46:09 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2; d=siemens.com; i=jan.kiszka@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=VIy4BuoOYDrOsEWURNMpXvgUEQxseoHsEGpeQhJpWqM=; b=ZXE2Q9H1I7/by0OxV5ZD8mUpyk0qUpyaxyIru6L3T+ebOG9rB5lIlcUqzXE4dVq2v5DoG8 zQ8WmFQNvSf+XvGBCC2tRpMjaAV8FSRHWz449y3xpMscjWJXC8gVoE7M3yMzfWRy5mBnykA5 ejX5YXIlJVkMtywSoTGD8yFPEpv3jjd/Wtw++K9KM6OeAQXy9nzV76YtBdw3v+Hb8qelotsp eiXA4I354IfXgYOdXvGZbAmjNIa0uBsN4YXhw8wh56IBKmzmw4bz8Q4oDuCS/+W7NVCibv3h i/gzoU3mjreodoIzIuMj5xSsMTaD335rY1s1WdAawBNZ4q8flcxMgMsg==; From: Jan Kiszka To: qemu-devel Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Bin Meng , qemu-block@nongnu.org, Ilias Apalodimas , =?UTF-8?q?Alex=20Benn=C3=A9e?= , =?UTF-8?q?Jan=20L=C3=BCbbe?= , Jerome Forissier , Jens Wiklander Subject: [PATCH 2/2] hw/sd/sdcard: Add support for pre-setting the authentication key Date: Wed, 15 Apr 2026 07:46:07 +0200 Message-ID: <9fab19ee4c755f9cb2abf55494541fcadff46cbd.1776231967.git.jan.kiszka@siemens.com> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists1p.gnu.org; Received-SPF: pass client-ip=185.136.65.226; envelope-from=fm-294854-2026041505460989a3cfb7970002079b-q97qC2@rts-flowmailer.siemens.com; helo=mta-65-226.siemens.flowmailer.net X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity jan.kiszka@siemens.com) X-ZM-MESSAGEID: 1776232644058158500 Content-Type: text/plain; charset="utf-8" From: Jan Kiszka In contrast to real eMMCs, we are not (yet) persisting the full state of the device. This particularly includes the authentication key used for RPMB access, complicating testing of firmware images which do not support initial provisioning of the key. One way to address this would be, e.g., extending the eMMC disk image with a special sector to store further state. A simpler approach is used here: Add another device property that allows to specify the authentication key, bringing up the eMMC as if the key has already been provisioned before. This is how to tell qemu to use the OP-TEE test key: -device emmc,[...],auth-key=3DD3EB3EC36E334C9F988CE2C0B85954610D2BCF8664844= DF2AB56E6C61BB701E4 Or use this for machine-configured eMMCs: -global emmc.auth-key=3DD3EB3EC36E334C9F988CE2C0B85954610D2BCF8664844DF2AB5= 6E6C61BB701E4 Signed-off-by: Jan Kiszka Acked-by: Ilias Apalodimas Reviewed-by: Jerome Forissier Reviewed-by: Philippe Mathieu-Daud=C3=A9 --- hw/sd/sd.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 37f6e0702b..13ea54df38 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -205,6 +205,7 @@ struct SDState { QEMUTimer *ocr_power_timer; uint8_t dat_lines; bool cmd_line; + char *preset_auth_key; }; =20 static void sd_realize(DeviceState *dev, Error **errp); @@ -3132,6 +3133,27 @@ static void sd_realize(DeviceState *dev, Error **err= p) "The RPMB partition size must be multiples of 12= 8K" "and not larger than 16384K.\n"); } + if (sd_is_emmc(sd) && sd->preset_auth_key) { + if (strlen(sd->preset_auth_key) !=3D 64) { + error_setg(errp, + "Authentication key must be 32 bytes long, " + "encoded hexadecimally"); + return; + } + + char *pos =3D sd->preset_auth_key; + unsigned int n; + for (n =3D 0; n < RPMB_KEY_MAC_LEN; n++, pos +=3D 2) { + int chrs; + if (sscanf(pos, "%02hhx%n", &sd->rpmb.key[n], &chrs) !=3D 1 || + chrs !=3D 2) { + error_setg(errp, + "Authentication key contains invalid characters= "); + return; + } + } + sd->rpmb.key_set =3D 1; + } } =20 static void emmc_realize(DeviceState *dev, Error **errp) @@ -3156,6 +3178,7 @@ static const Property emmc_properties[] =3D { DEFINE_PROP_UINT64("boot-partition-size", SDState, boot_part_size, 0), DEFINE_PROP_UINT8("boot-config", SDState, boot_config, 0x0), DEFINE_PROP_UINT64("rpmb-partition-size", SDState, rpmb_part_size, 0), + DEFINE_PROP_STRING("auth-key", SDState, preset_auth_key), }; =20 static void sdmmc_common_class_init(ObjectClass *klass, const void *data) --=20 2.47.3