Forums - Problem with sign in and calculator

zhanghongsdestiny
Join Date: 19 Oct 20
Posts: 4
Posted: Wed, 2021-05-05 19:26

I signed several months ago and ran the calculator example on my Android phone successfully. However, when I try to do it again, I can run the calculator locally, but it doesn't work on the DSP:

cheeseburger:/vendor/bin # calculator 0 1000

---Starting calculator test
 
---Allocate 4000 bytes from ION heap
---Creating sequence of numbers from 0 to 999
 
---Compute sum on the DSP
---Error: compute on DSP failed, nErr = 44
 
---Usage: calculator <1/0 run locally> <uint32 size>
 
I don't know what's wrong with it, so I decided to restart from the signing process. And the signing failed too:
 
ERROR: /usr/bin/openssl retcode: 2
Output: C = US, CN = SecTools Test User, L = San Diego, O = SecTools, ST = California, OU = 01 0000000000000000 SW_ID, OU = 02 0000000000000000 HW_ID, OU = 04 0000 OEM_ID, OU = 05 00000108 SW_SIZE, OU = 06 0000 MODEL_ID, OU = 07 0001 SHA256, OU = 03 0000000000000002 DEBUG
error 20 at 0 depth lookup: unable to get local issuer certificate
ERROR: Signing failed!
 
Is that because I shouldn't sign one device twice?
 
My device is a rooted OnePlus 5. Thanks in advance for any advice.
 
 
rnoronha
Join Date: 24 Jan 20
Posts: 7
Posted: Fri, 2021-05-07 17:13
Hi
Thanks for your question.
We need some additional information about this issue you are seeing and what exactly you are trying to do.
If you are trying to sign a device that was previously signed, can you please mention what script you are using to sign the device?
<HEXAGON_SDK_ROOT>/tools/elfsigner/elfsigner.py -t <SERIAL_NUMBER> -o <OUTPUT_PATH>
Please add the --verbose logs.txt flag to the above command to write to a logs file. Please share these logs with us.
You can refer to or run the utils/scripts/signer.py script to find SERIAL_NUMBER of the device in hex.
Which Hexagon SDK do you have installed?
Also, if you are trying to sign a signed.so again, it will not work.
 
Thanks

 

zhanghongsdestiny
Join Date: 19 Oct 20
Posts: 4
Posted: Fri, 2021-05-07 19:06

Hi rnoronha,

Thanks for your reply.

I am using the command you mentioned to sign a device: python elfsigner.py -t 0x71dc7a6e.

I am using the Linux version 3.5.2, which was used before.

I'm not sure what you mean by signing a signed.so again. I failed to generate the new .so file on my current computer, and the error shows up even if I reinstall the SDK. So I wonder if it is because the phone with the serial number has already been signed before.

Following are the log messages.

 


hongzhang@ubuntu:~/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner$ python elfsigner.py -t 0x71dc7a6e --verbose logs.txt
Logging to /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/Elfsigner_log.txt
DEBUG: Debug logging to /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/Elfsigner_log_debug.txt
DEBUG: 
 
    Tool launched as: "elfsigner.py -t 0x71dc7a6e --verbose logs.txt"
 
 
        Attention:
        Use of this tool is conditioned upon your compliance with Qualcomm
        Technologies'(and its affiliates') license terms and conditions;
        including, without limitations, such terms and conditions addressing
        the use of such tools with open source software.
 
        Agree? [y/n]:
        y
Signing a file may take up to 3 minutes due to network connectivity. Please wait patiently.
------------------------------------------------------------
DEBUG: Source config file: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/config/tcg/tcg_secimage.xml
DEBUG: Generating config file...
DEBUG: Generated config file at: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/testsig-0x71dc7a6e_generated_config.xml
DEBUG: 
Execute command:
     python sectools.py secimage -g testsig_local -i /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/opendsp/testsigbase.so -c /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/testsig-0x71dc7a6e_generated_config.xml -o /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output -v -sa
 
Logging to /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output/SecImage_log.txt
 
 
    SecImage launched as: "elfsigner.py -t 0x71dc7a6e --verbose logs.txt"
 
 
Config path is set to: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/testsig-0x71dc7a6e_generated_config.xml
WARNING: OEM ID is set to 0 for sign_id "testsig_local"
Output dir is set to: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output
Openssl v1.0.1 or greater is available at: "/usr/bin/openssl"
------------------------------------------------------
Processing 1/1: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/opendsp/testsigbase.so
 
WARNING: Loadable segment - 3 is of size: 4
Performing OEM sign on image: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/opendsp/testsigbase.so
attestation_certificate_extensions = /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/General_Assets/Signing/openssl/v3_attest.ext
ca_certificate_extensions = /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/General_Assets/Signing/openssl/v3.ext
openssl_configfile = /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/General_Assets/Signing/openssl/opensslroot.cfg
Using QTI (sha256)
Using PKCS RSA padding
Initialization with dataprov. These fields might not be used in final output if overridden
Using a predefined Root private key from: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/Signing/Local/opendsp_presigned_certs-key2048_exp3/qpsa_rootca.key
Using a predefined Root certificate from: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/Signing/Local/opendsp_presigned_certs-key2048_exp3/qpsa_rootca.cer
Initialization with dataprov. These fields might not be used in final output if overridden
Using a predefined CA private key from: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/Signing/Local/opendsp_presigned_certs-key2048_exp3/qpsa_attestca.key
Using a predefined CA certificate from: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/Signing/Local/opendsp_presigned_certs-key2048_exp3/qpsa_attestca.cer
Initialization with dataprov. These fields might not be used in final output if overridden
Generating new certificate Attest
Generating new Attestation certificate and a random key
Adding OU fields to attest certificate.
Generating new private/public key pair for Attest
Creating certificate request for Attest
Signing certificate request for Attest
Creating signature
 
Attestation Certificate Properties:
| SW_ID     | 0x0000000000000000  |
| HW_ID     | 0x0000000000000000  |
| DEBUG     | 0x0000000000000002  |
| OEM_ID    | 0x0000              |
| SW_SIZE   | 264                 |
| MODEL_ID  | 0x0000              |
| SHA_ALGO  | SHA256              |
| APP_ID    | None                |
| CRASH_DUMP| None                |
| ROT_EN    | None                |
| Exponent  | 3                   |
| TCG_MIN   | 0x0001E240          |
| TCG_MAX   | 0x0001E240          |
 
Signed image is stored at /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output/tcg/testsig_local/testsigbase.so
WARNING: Loadable segment - 5 is of size: 4
OEM signed image with PKCS
ERROR: /usr/bin/openssl retcode: 2
Output: C = US, CN = SecTools Test User, L = San Diego, O = SecTools, ST = California, OU = 01 0000000000000000 SW_ID, OU = 02 0000000000000000 HW_ID, OU = 04 0000 OEM_ID, OU = 05 00000108 SW_SIZE, OU = 06 0000 MODEL_ID, OU = 07 0001 SHA256, OU = 03 0000000000000002 DEBUG
error 20 at 0 depth lookup: unable to get local issuer certificate
 
Image /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output/tcg/testsig_local/testsigbase.so is not encrypted
 
Base Properties: 
| Integrity Check                 | True  |
| Signed                          | True  |
| Encrypted                       | False |
| Size of signature               | 256   |
| Size of one cert                | 2048  |
| Num of certs in cert chain      | 3     |
| Number of root certs            | 1     |
| Maximum number of root certs    | 1     |
| Hash Page Segments as segments  | False |
| Cert chain size                 | 6144  |
 
ELF Properties: 
Header: 
| Magic                      | ELF                           |
| Class                      | ELF32                          |
| Data                       | 2's complement, little endian  |
| Version                    | 1 (Current)                    |
| OS/ABI                     | No extensions or unspecified   |
| ABI Version                | 0                              |
| Type                       | DYN (Shared object file)       |
| Machine                    | 164                            |
| Version                    | 0x1                            |
| Entry address              | 0x000010b0                     |
| Program headers offset     | 0x00000034                     |
| Section headers offset     | 0x00000000                     |
| Flags                      | 0x00000003                     |
| ELF header size            | 52                             |
| Program headers size       | 32                             |
| Number of program headers  | 5                              |
| Section headers size       | 40                             |
| Number of section headers  | 0                              |
| String table section index | 0                              |
 
Program Headers: 
| Num |   Type   | Offset | VirtAddr | PhysAddr | FileSize | MemSize | Flags | Align |
|-----|----------|--------|----------|----------|----------|---------|-------|-------|
|  1  | LOAD     | 0x3000 |  0x0000  |  0x0000  |  0x2fc   |  0x2fc  |   R   | 0x1000|
|  2  | LOAD     | 0x4000 |  0x1000  |  0x1000  |  0x104   |  0x104  |   RE  | 0x1000|
|  3  | LOAD     | 0x5000 |  0x2000  |  0x2000  |  0x004   |  0x004  |   R   | 0x1000|
|  4  | LOAD     | 0x6000 |  0x4000  |  0x4000  |  0x0d0   |  0x100  |   RW  | 0x1000|
|  5  | DYNAMIC  | 0x6010 |  0x4010  |  0x4010  |  0x0a8   |  0x0a8  |   RW  | 0x4   |
 
Hash Segment Properties: 
| Header Size     | 40B     |
| Hash Algorithm  | sha256  |
 
Header: 
| cert_chain_ptr  | 0x00005208  |
| cert_chain_size | 0x00001800  |
| code_size       | 0x000000e0  |
| flash_parti_ver | 0x00000003  |
| image_dest_ptr  | 0x00005028  |
| image_id        | 0x00000000  |
| image_size      | 0x000019e0  |
| image_src       | 0x00000000  |
| sig_ptr         | 0x00005108  |
| sig_size        | 0x00000100  |
 
SecElf Properties: 
| image_type        | 0           |
| max_elf_segments  | 100         |
| testsig_serialnum | 0x71dc7a6e  |
 
------------------------------------------------------
 
SUMMARY:
Following actions were performed: "sign, validate"
Output is saved at: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output
 
| Idx |     SignId    | Parse | Integrity | Sign | Encrypt |              Validate              |
|     |               |       |           |      |         | Parse | Integrity | Sign | Encrypt |
|-----|---------------|-------|-----------|------|---------|-------|-----------|------|---------|
|  1. | testsig_local |   T   |     NA    |  T   |    NA   |   T   |     T     |  F   |    F    |
 
ERROR: Signing failed!
 
 
 
 

 

rnoronha
Join Date: 24 Jan 20
Posts: 7
Posted: Tue, 2021-05-11 15:42

Hi,

Thanks for your response!

We reviewed the logs you sent and it seems like there might be an issue with your openssl. 

We need further logs from the elfsigner with the following command:

python elfsigner.py -t 0x71dc7a6e --verbose --verbose

This will log the exact openssl command that is failing during validation.

Additionally, please share your openssl version by running the following command:

openssl version

Thanks

zhanghongsdestiny
Join Date: 19 Oct 20
Posts: 4
Posted: Tue, 2021-05-11 17:07

Hi
Thank you so much for your reply. My openssl version is OpenSSL 1.1.1f  31 Mar 2020.

Following are the logs after entering the command.


hongzhang@ubuntu:~/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner$ python elfsigner.py -t 0x71dc7a6e --verbose --verbose
Logging to /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/Elfsigner_log.txt
DEBUG: Debug logging to /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/Elfsigner_log_debug.txt
DEBUG: 
 
    Tool launched as: "elfsigner.py -t 0x71dc7a6e --verbose --verbose"
 
 
        Attention:
        Use of this tool is conditioned upon your compliance with Qualcomm
        Technologies'(and its affiliates') license terms and conditions;
        including, without limitations, such terms and conditions addressing
        the use of such tools with open source software.
 
        Agree? [y/n]:
        y
Signing a file may take up to 3 minutes due to network connectivity. Please wait patiently.
------------------------------------------------------------
DEBUG: Source config file: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/config/tcg/tcg_secimage.xml
DEBUG2: Checking config file existence at /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/config/tcg/tcg_secimage.xml
DEBUG2: Using generateDs APIs to parse config and validate syntax
DEBUG2: Parsed config using generateDs
DEBUG2: Normalizing and validating the xml semantics
DEBUG2: Config data validated
DEBUG: Generating config file...
DEBUG2: Generating config file at /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/testsig-0x71dc7a6e_generated_config.xml
    Root node name: tns:secimage
    XML namespacedef: xmlns:tns="http://www.qualcomm.com/secimage"
xsi:schemaLocation="http://www.qualcomm.com/secimage ../xsd/secimage.xsd"
    Lines to prepend at start: <?xml version="1.0" encoding="UTF-8"?>
 
    Lines to append at the end: 
DEBUG2: Generated config file
DEBUG: Generated config file at: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/testsig-0x71dc7a6e_generated_config.xml
DEBUG: 
Execute command:
     python sectools.py secimage -g testsig_local -i /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/opendsp/testsigbase.so -c /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/testsig-0x71dc7a6e_generated_config.xml -o /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output -v -sa
 
Logging to /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output/SecImage_log.txt
DEBUG: Debug logging to /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output/SecImage_log_debug.txt
 
 
    SecImage launched as: "elfsigner.py -t 0x71dc7a6e --verbose --verbose"
 
Config path is set to: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/testsig-0x71dc7a6e_generated_config.xml
WARNING: OEM ID is set to 0 for sign_id "testsig_local"
Output dir is set to: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output
Openssl v1.0.1 or greater is available at: "/usr/bin/openssl"
------------------------------------------------------
Processing 1/1: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/opendsp/testsigbase.so
 
DEBUG: Loadable segment - 3 is of size: 4
WARNING: Loadable segment - 3 is of size: 4
Performing OEM sign on image: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/opendsp/testsigbase.so
DEBUG: DataProvisioner database verification passed
attestation_certificate_extensions = /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/General_Assets/Signing/openssl/v3_attest.ext
DEBUG: DataProvisioner config: <sectools.common.data_provisioning.data_prov.DictToObject object at 0x7fdc238cfb90>
ca_certificate_extensions = /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/General_Assets/Signing/openssl/v3.ext
DEBUG: DataProvisioner config: <sectools.common.data_provisioning.data_prov.DictToObject object at 0x7fdc238cfb90>
openssl_configfile = /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/General_Assets/Signing/openssl/opensslroot.cfg
DEBUG: DataProvisioner config: <sectools.common.data_provisioning.data_prov.DictToObject object at 0x7fdc238cfb90>
DEBUG: Adding hash seg after phdrs, aligned to 0x1000
DEBUG: Updating version to 3
DEBUG: msm_id : 0x0
sw_id  : 0x0
hash_algo  : sha256
hmac_type : QTI
ipad  : 0x3636363636363636
opad  : 0x5c5c5c5c5c5c5c5c
Using QTI (sha256)
Using PKCS RSA padding
DEBUG: DataProvisioner database verification passed
DEBUG: DataProvisioner config: <sectools.common.data_provisioning.data_prov.DictToObject object at 0x7fdc238f71d0>
DEBUG: DataProvisioner config: <sectools.common.data_provisioning.data_prov.DictToObject object at 0x7fdc238f71d0>
DEBUG: DataProvisioner config: <sectools.common.data_provisioning.data_prov.DictToObject object at 0x7fdc238f71d0>
DEBUG: DataProvisioner config: <sectools.common.data_provisioning.data_prov.DictToObject object at 0x7fdc238f71d0>
Initialization with dataprov. These fields might not be used in final output if overridden
Using a predefined Root private key from: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/Signing/Local/opendsp_presigned_certs-key2048_exp3/qpsa_rootca.key
DEBUG: Running command: ['/usr/bin/openssl', 'rsa', '-in', '/tmp/tmpuau5kD', '-pubout']
Using a predefined Root certificate from: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/Signing/Local/opendsp_presigned_certs-key2048_exp3/qpsa_rootca.cer
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmp9RM0Fi', '-inform', 'DER', '-outform', 'PEM']
Initialization with dataprov. These fields might not be used in final output if overridden
Using a predefined CA private key from: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/Signing/Local/opendsp_presigned_certs-key2048_exp3/qpsa_attestca.key
DEBUG: Running command: ['/usr/bin/openssl', 'rsa', '-in', '/tmp/tmpXqSLOd', '-pubout']
Using a predefined CA certificate from: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/Signing/Local/opendsp_presigned_certs-key2048_exp3/qpsa_attestca.cer
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmpvnq4Gt', '-inform', 'DER', '-outform', 'PEM']
Initialization with dataprov. These fields might not be used in final output if overridden
Generating new certificate Attest
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmp1yinma', '-inform', 'DER', '-noout', '-text', '-certopt', 'ext_dump']
DEBUG: Running command: ['/usr/bin/openssl', 'asn1parse', '-in', '/tmp/tmp6atPDU', '-inform', 'DER']
DEBUG: 
TCG values fall within CA constraints.
DEBUG: 
Attestation cert : tcg_min=0x0001E240 tcg_max=0x0001E240
CA cert (allowed): tcg_min=0x0001E240 tcg_max=0x0009FBF1
 
DEBUG: Writing data: 
DEBUG: To temporary file: /tmp/tmpvxoffE
Generating new Attestation certificate and a random key
Adding OU fields to attest certificate.
Generating new private/public key pair for Attest
DEBUG: Running command: ['/usr/bin/openssl', 'genpkey', '-algorithm', 'RSA', '-outform', 'PEM', '-pkeyopt', 'rsa_keygen_bits:2048', '-pkeyopt', 'rsa_keygen_pubexp:3']
DEBUG: Writing generated private key to PEM file: /tmp/tmpYUMPJl
DEBUG: Running command: ['/usr/bin/openssl', 'rsa', '-in', '/tmp/tmpxS5D0a', '-pubout']
Creating certificate request for Attest
DEBUG: Running command: ['/usr/bin/openssl', 'req', '-new', '-key', '/tmp/tmp4Mlpzg', '-subj', '/C=US/CN=SecTools Test User/L=San Diego/O=SecTools/ST=California/OU=01 0000000000000000 SW_ID/OU=02 0000000000000000 HW_ID/OU=04 0000 OEM_ID/OU=05 00000108 SW_SIZE/OU=06 0000 MODEL_ID/OU=07 0001 SHA256/OU=03 0000000000000002 DEBUG', '-config', '/home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/resources/data_prov_assets/General_Assets/Signing/openssl/opensslroot.cfg']
Signing certificate request for Attest
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-req', '-in', '/tmp/tmpecvWOQ', '-CAkey', '/tmp/tmpYuEiHl', '-CA', '/tmp/tmpiErv2u', '-days', '7300', '-set_serial', '1', '-extfile', '/tmp/tmpvxoffE', '-sha256', '-CAcreateserial']
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmpLTLGaj', '-inform', 'PEM', '-noout', '-text', '-certopt', 'ext_dump']
Creating signature
DEBUG: Running command: ['/usr/bin/openssl', 'pkeyutl', '-sign', '-inkey', '/tmp/tmpkLaMc0', '-in', '/tmp/tmpqFG6vh', '-pkeyopt', 'rsa_padding_mode:pkcs1']
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmpXzXJz9', '-inform', 'PEM', '-outform', 'DER']
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmpSrnP7M', '-inform', 'PEM', '-outform', 'DER']
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmpPpMVnP', '-inform', 'PEM', '-outform', 'DER']
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmpSYQ6pa', '-inform', 'PEM', '-outform', 'DER']
DEBUG: Running command: ['/usr/bin/openssl', 'rsa', '-in', '/tmp/tmpriQjWJ', '-inform', 'PEM', '-outform', 'DER']
DEBUG: Running command: ['/usr/bin/openssl', 'rsa', '-in', '/tmp/tmprvgKaW', '-inform', 'PEM', '-outform', 'DER']
DEBUG: Running command: ['/usr/bin/openssl', 'rsa', '-in', '/tmp/tmpicUzoJ', '-inform', 'PEM', '-outform', 'DER']
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmp4SoNCV', '-inform', 'DER', '-noout', '-text', '-certopt', 'ext_dump']
DEBUG: Running command: ['/usr/bin/openssl', 'asn1parse', '-in', '/tmp/tmpHojC0X', '-inform', 'DER']
 
Attestation Certificate Properties:
| SW_ID     | 0x0000000000000000  |
| HW_ID     | 0x0000000000000000  |
| DEBUG     | 0x0000000000000002  |
| OEM_ID    | 0x0000              |
| SW_SIZE   | 264                 |
| MODEL_ID  | 0x0000              |
| SHA_ALGO  | SHA256              |
| APP_ID    | None                |
| CRASH_DUMP| None                |
| ROT_EN    | None                |
| Exponent  | 3                   |
| TCG_MIN   | 0x0001E240          |
| TCG_MAX   | 0x0001E240          |
 
DEBUG: Adding hash seg after phdrs, aligned to 0x1000
Signed image is stored at /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output/tcg/testsig_local/testsigbase.so
DEBUG: Loadable segment - 5 is of size: 4
WARNING: Loadable segment - 5 is of size: 4
DEBUG: Number of hash entries: 5
DEBUG: Hash table size: 224
DEBUG: Hash size: 32
DEBUG: Determined hash table algorithm: sha256
DEBUG: DataProvisioner config: <sectools.common.data_provisioning.data_prov.DictToObject object at 0x7fdc238f7410>
DEBUG: DataProvisioner config: <sectools.common.data_provisioning.data_prov.DictToObject object at 0x7fdc238f7410>
DEBUG: DataProvisioner config: <sectools.common.data_provisioning.data_prov.DictToObject object at 0x7fdc238f7410>
DEBUG: Adding hash seg after phdrs, aligned to 0x1000
DEBUG: Updating version to 3
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmpczapMl', '-inform', 'DER', '-noout', '-text', '-certopt', 'ext_dump']
DEBUG: SW_ID = 0x0000000000000000
DEBUG: HW_ID = 0x0000000000000000
DEBUG: MSM_ID key : 0x0
DEBUG: SW_ID key : 0x0
DEBUG: ipad : 0x3636363636363636
DEBUG: opad : 0x5c5c5c5c5c5c5c5c
OEM signed image with PKCS
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmpFB_n_M', '-inform', 'DER', '-outform', 'PEM']
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmputXZFP', '-inform', 'DER', '-outform', 'PEM']
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmpCgI0yC', '-inform', 'DER', '-outform', 'PEM']
DEBUG: Running command: ['/usr/bin/openssl', 'x509', '-in', '/tmp/tmpALtJSR', '-inform', 'PEM', '-noout', '-text', '-certopt', 'ext_dump']
DEBUG: Running command: ['/usr/bin/openssl', 'verify', '-attime', '1620777488', '-CAfile', '/tmp/tmpRk5y4J', '/tmp/tmpExlqP2']
ERROR: /usr/bin/openssl retcode: 2
Output: C = US, CN = SecTools Test User, L = San Diego, O = SecTools, ST = California, OU = 01 0000000000000000 SW_ID, OU = 02 0000000000000000 HW_ID, OU = 04 0000 OEM_ID, OU = 05 00000108 SW_SIZE, OU = 06 0000 MODEL_ID, OU = 07 0001 SHA256, OU = 03 0000000000000002 DEBUG
error 20 at 0 depth lookup: unable to get local issuer certificate
 
Image /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output/tcg/testsig_local/testsigbase.so is not encrypted
 
Base Properties: 
| Integrity Check                 | True  |
| Signed                          | True  |
| Encrypted                       | False |
| Size of signature               | 256   |
| Size of one cert                | 2048  |
| Num of certs in cert chain      | 3     |
| Number of root certs            | 1     |
| Maximum number of root certs    | 1     |
| Hash Page Segments as segments  | False |
| Cert chain size                 | 6144  |
 
ELF Properties: 
Header: 
| Magic                      | ELF                           |
| Class                      | ELF32                          |
| Data                       | 2's complement, little endian  |
| Version                    | 1 (Current)                    |
| OS/ABI                     | No extensions or unspecified   |
| ABI Version                | 0                              |
| Type                       | DYN (Shared object file)       |
| Machine                    | 164                            |
| Version                    | 0x1                            |
| Entry address              | 0x000010b0                     |
| Program headers offset     | 0x00000034                     |
| Section headers offset     | 0x00000000                     |
| Flags                      | 0x00000003                     |
| ELF header size            | 52                             |
| Program headers size       | 32                             |
| Number of program headers  | 5                              |
| Section headers size       | 40                             |
| Number of section headers  | 0                              |
| String table section index | 0                              |
 
Program Headers: 
| Num |   Type   | Offset | VirtAddr | PhysAddr | FileSize | MemSize | Flags | Align |
|-----|----------|--------|----------|----------|----------|---------|-------|-------|
|  1  | LOAD     | 0x3000 |  0x0000  |  0x0000  |  0x2fc   |  0x2fc  |   R   | 0x1000|
|  2  | LOAD     | 0x4000 |  0x1000  |  0x1000  |  0x104   |  0x104  |   RE  | 0x1000|
|  3  | LOAD     | 0x5000 |  0x2000  |  0x2000  |  0x004   |  0x004  |   R   | 0x1000|
|  4  | LOAD     | 0x6000 |  0x4000  |  0x4000  |  0x0d0   |  0x100  |   RW  | 0x1000|
|  5  | DYNAMIC  | 0x6010 |  0x4010  |  0x4010  |  0x0a8   |  0x0a8  |   RW  | 0x4   |
 
Hash Segment Properties: 
| Header Size     | 40B     |
| Hash Algorithm  | sha256  |
 
Header: 
| cert_chain_ptr  | 0x00005208  |
| cert_chain_size | 0x00001800  |
| code_size       | 0x000000e0  |
| flash_parti_ver | 0x00000003  |
| image_dest_ptr  | 0x00005028  |
| image_id        | 0x00000000  |
| image_size      | 0x000019e0  |
| image_src       | 0x00000000  |
| sig_ptr         | 0x00005108  |
| sig_size        | 0x00000100  |
 
SecElf Properties: 
| image_type        | 0           |
| max_elf_segments  | 100         |
| testsig_serialnum | 0x71dc7a6e  |
 
------------------------------------------------------
 
SUMMARY:
Following actions were performed: "sign, validate"
Output is saved at: /home/hongzhang/Qualcomm/Hexagon_SDK/3.5.2/tools/elfsigner/output/secimage_output
 
| Idx |     SignId    | Parse | Integrity | Sign | Encrypt |              Validate              |
|     |               |       |           |      |         | Parse | Integrity | Sign | Encrypt |
|-----|---------------|-------|-----------|------|---------|-------|-----------|------|---------|
|  1. | testsig_local |   T   |     NA    |  T   |    NA   |   T   |     T     |  F   |    F    |
 
ERROR: Signing failed!

 

rnoronha
Join Date: 24 Jan 20
Posts: 7
Posted: Thu, 2021-05-13 11:06

The following openssl cmd is causing the error: /usr/bin/openssl verify -attime 1620777488 -CAfile /tmp/tmpRk5y4J /tmp/tmpExlqP2. The error returned by OpenSSL is: error 20 at 0 depth lookup: unable to get local issuer certificate. 

We are not sure what exactly is causing this problem and are looking into it. 

You mentioned this was working before. Has your setup changed in any way from before that could affect openssl? This should help narrow down the problem. Were you using a different machine, operating system, etc.?

Thanks
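
What `error 20 at 0 depth lookup` from `openssl verify` means in general, shown on a constructed three-certificate chain like the one the log reports (root, attest CA, leaf); this is an added example, not part of the thread or of the SDK, and it does not establish why the elfsigner validation step failed here. Assumptions: OpenSSL 1.1.1 or later on the PATH; every file name and subject below is constructed.

```shell
#!/bin/sh
# Added example: constructed chain root -> attest CA -> leaf, used to show
# when `openssl verify -CAfile` reports error 20 at depth 0.
set -eu

# build_chain DIR: create throwaway keys and certificates in DIR.
build_chain() {
    d=$1
    # Minimal config so the run does not depend on a system openssl.cnf.
    cat > "$d/min.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root CA.
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/min.cnf" \
        -extensions v3_ca -subj "/CN=Constructed Root CA" -days 30 \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Intermediate ("attest") CA, signed by the root.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/min.cnf" \
        -subj "/CN=Constructed Attest CA" \
        -keyout "$d/ca.key" -out "$d/ca.csr" 2>/dev/null
    openssl x509 -req -in "$d/ca.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 30 -extfile "$d/min.cnf" -extensions v3_ca \
        -out "$d/ca.pem" 2>/dev/null
    # Leaf certificate, signed by the intermediate CA.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/min.cnf" \
        -subj "/CN=Constructed Attest Leaf" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 3 -days 30 -out "$d/leaf.pem" 2>/dev/null
    # Trust file that holds both the root and the intermediate CA.
    cat "$d/root.pem" "$d/ca.pem" > "$d/bundle.pem"
}

# verify_rc CAFILE CERT: print the exit code of `openssl verify`.
verify_rc() {
    rc=0
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# verify_msg CAFILE CERT: print what `openssl verify` reports.
verify_msg() {
    openssl verify -CAfile "$1" "$2" 2>&1 || true
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_chain "$work"

# The leaf's direct issuer is missing from -CAfile, so the lookup fails
# at depth 0 (the certificate being verified).
echo "== -CAfile holds only the root =="
verify_msg "$work/root.pem" "$work/leaf.pem"
echo "exit code: $(verify_rc "$work/root.pem" "$work/leaf.pem")"

# With the issuer present, the chain builds up to the root.
echo "== -CAfile holds root + attest CA =="
verify_msg "$work/bundle.pem" "$work/leaf.pem"
echo "exit code: $(verify_rc "$work/bundle.pem" "$work/leaf.pem")"
```

Depth 0 is the certificate under test, so the message says that OpenSSL could not find, or could not use, that certificate's direct issuer among the certificates it was given.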

zhanghongsdestiny
Join Date: 19 Oct 20
Posts: 4
Posted: Thu, 2021-05-13 13:38

My colleague was working on this project before. I've never changed any setup manually since I got it from him. We haven't used any other machine, since this one is the only rooted phone I've got.

Thank you so much for your help. We will keep looking into it at the same time.
