qdl: add support for vip table of digests generation

Add support for Digests Table generation for Validated Image
Programming (VIP), which is activated when Secure Boot is enabled
on the target. VIP controls which packets are allowed to be issued to
the target. Controlling the packets that can be sent to the target is
done through hashing. The target applies a hashing function to all
received data, comparing the resulting hash digest against an existing
digest table in memory. If the calculated hash digest matches the next
entry in the table, the packet (data or command) is accepted; otherwise,
the packet is rejected, and the target halts.

This change introduces logic for VIP table generation.
In the current VIP design the first signed hash table can be a
maximum of 8 KB. Considering that it must be in MBN format, and in
addition to the raw hash table, it also includes an MBN header,
a signature, and certificates, the number of hash digests it can
contain is limited to 54 hashes (a 40-byte MBN header +
a 1696-byte hash table + a 256-byte signature + 6144 bytes of certificates).
All hashes left are stored in the additional ChainedTableOfDigests.bin file.

To generate table of digests run QDL with --createdigests param.

As a result 3 files are generated:
- DIGEST_TABLE.bin - contains the SHA256 table of digests for all firehose
  packets to be sent to the target. It is an intermediary table and is
  used only for the subsequent generation of "DigestsToSign.bin" and
  "ChainedTableOfDigests.bin" files. It is not used by QDL for VIP
  programming.

- DigestsToSign.bin - first 53 digests + digest of ChainedTableOfDigests.bin.
  This file has to be converted to MBN format and then signed with sectools:

  $ sectools mbn-tool generate --data DigestsToSign.bin --mbn-version 6
    --outfile DigestsToSign.bin.mbn

  Please check the security profile for your SoC to determine which version of
  the MBN format should be used.

- ChainedTableOfDigests.bin - contains left digests

For example, for N packets supposed to be sent to the target, these files
will be generated (all digests are 32 bytes in size):

 DIGEST_TABLE.bin
 ___________________
|  Digest 0         |
|  Digest 1         |
|  etc.             |
|                   |
|  Digest N         |
|___________________|

 DigestsTableToSign.bin                              ChainedTableOfDigests.bin
 ___________________                                  ___________________
|  Digest 0         |                                | Digest 53         |
|  Digest 1         |                                | Digest 54         |
|  etc.             |                                | etc.              |
|  Digest 52        |                                | Digest N          |
|  Next table digest----> progagates the  -------->  |___________________|
|___________________|     digital signature
                          to the chained DigestsTable

When QDL is executed with --debug parameter, it will also report
Firehose packet SHA-256 hashes, for example:

FIREHOSE WRITE: <?xml version="1.0"?>
<data><patch SECTOR_SIZE_IN_BYTES="4096" byte_offset="72" filename="DISK"
physical_partition_number="5" size_in_bytes="8"
start_sector="NUM_DISK_SECTORS-1" value="NUM_DISK_SECTORS-5."/></data>

FIREHOSE PACKET SHA256: a27b1459042ea36f654c5eed795730bf73ce37ce5e92e204fe06833e5e5e1749

Signed-off-by: Igor Opaniuk <igor.opaniuk@oss.qualcomm.com>

Author: igoropaniuk

Makefile

@@ -6,7 +6,7 @@ CFLAGS += -O2 -Wall -g `pkg-config --cflags libxml-2.0 libusb-1.0`
 LDFLAGS += `pkg-config --libs libxml-2.0 libusb-1.0`
 prefix := /usr/local
 
-QDL_SRCS := firehose.c io.c qdl.c sahara.c util.c patch.c program.c read.c sim.c ufs.c usb.c ux.c oscompat.c
+QDL_SRCS := firehose.c io.c qdl.c sahara.c util.c patch.c program.c read.c sha2.c sim.c ufs.c usb.c ux.c oscompat.c vip.c
 QDL_OBJS := $(QDL_SRCS:.c=.o)
 
 RAMDUMP_SRCS := ramdump.c sahara.c io.c sim.c usb.c util.c ux.c oscompat.c

firehose.c

@@ -183,9 +183,11 @@ static int firehose_write(struct qdl_device *qdl, xmlDoc *doc)
 
 	xmlDocDumpMemory(doc, &s, &len);
 
+	vip_gen_chunk_init(qdl);
+
 	for (;;) {
 		ux_debug("FIREHOSE WRITE: %s\n", s);
-
+		vip_gen_chunk_update(qdl, s, len);
 		ret = qdl_write(qdl, s, len);
 		saved_errno = errno;
 
@@ -202,6 +204,7 @@ static int firehose_write(struct qdl_device *qdl, xmlDoc *doc)
 		}
 	}
 	xmlFree(s);
+	vip_gen_chunk_store(qdl);
 	return ret < 0 ? -saved_errno : 0;
 }
 
@@ -423,6 +426,7 @@ static int firehose_program(struct qdl_device *qdl, struct program *program, int
 
 	lseek(fd, (off_t) program->file_offset * program->sector_size, SEEK_SET);
 	left = num_sectors;
+	vip_gen_chunk_init(qdl);
 	while (left > 0) {
 		chunk_size = MIN(max_payload_size / program->sector_size, left);
 
@@ -435,6 +439,7 @@ static int firehose_program(struct qdl_device *qdl, struct program *program, int
 		if (n < max_payload_size)
 			memset(buf + n, 0, max_payload_size - n);
 
+		vip_gen_chunk_update(qdl, buf, chunk_size * program->sector_size);
 		n = qdl_write(qdl, buf, chunk_size * program->sector_size);
 		if (n < 0) {
 			ux_err("USB write failed for data chunk\n");
@@ -454,6 +459,8 @@ static int firehose_program(struct qdl_device *qdl, struct program *program, int
 	ux_debug("FIREHOSE RAW BINARY WRITE: %s, %d bytes\n",
 		 program->filename, program->sector_size * num_sectors);
 
+	vip_gen_chunk_store(qdl);
+
 	t = time(NULL) - t0;
 
 	ret = firehose_read(qdl, 30000, firehose_generic_parser, NULL);

qdl.c

@@ -126,6 +126,7 @@ int main(int argc, char **argv)
 	bool qdl_finalize_provisioning = false;
 	bool allow_fusing = false;
 	bool allow_missing = false;
+	bool create_digests = false;
 	long out_chunk_size = 0;
 	struct qdl_device *qdl = NULL;
 	enum QDL_DEVICE_TYPE qdl_dev_type = QDL_DEVICE_USB;
@@ -141,6 +142,7 @@ int main(int argc, char **argv)
 		{"allow-missing", no_argument, 0, 'f'},
 		{"allow-fusing", no_argument, 0, 'c'},
 		{"dry-run", no_argument, 0, 'n'},
+		{"createdigests", no_argument, 0, 't'},
 		{0, 0, 0, 0}
 	};
 
@@ -152,6 +154,11 @@ int main(int argc, char **argv)
 		case 'n':
 			qdl_dev_type = QDL_DEVICE_SIM;
 			break;
+		case 't':
+			create_digests = true;
+			/* we also enforce dry-run mode */
+			qdl_dev_type = QDL_DEVICE_SIM;
+			break;
 		case 'v':
 			print_version();
 			return 0;
@@ -197,6 +204,9 @@ int main(int argc, char **argv)
 	if (out_chunk_size)
 		qdl_set_out_chunk_size(qdl, out_chunk_size);
 
+	if (create_digests)
+		vip_gen_init(qdl);
+
 	ux_init();
 
 	if (qdl_debug)
@@ -254,6 +264,9 @@ int main(int argc, char **argv)
 		goto out_cleanup;
 
 out_cleanup:
+	if (create_digests)
+		vip_gen_finalize(qdl);
+
 	qdl_close(qdl);
 	free_programs();
 	free_patches();

qdl.h

@@ -8,6 +8,10 @@
 #include "read.h"
 #include <libxml/tree.h>
 
+#define container_of(ptr, typecast, member) ({                  \
+	void *_ptr = (void *)(ptr);		                \
+	((typecast *)(_ptr - offsetof(typecast, member))); })
+
 #define MAPPING_SZ 64
 
 enum QDL_DEVICE_TYPE
@@ -43,6 +47,12 @@ void qdl_set_out_chunk_size(struct qdl_device *qdl, long size);
 struct qdl_device *usb_init(void);
 struct qdl_device *sim_init(void);
 
+void vip_gen_init(struct qdl_device *qdl);
+void vip_gen_chunk_init(struct qdl_device *qdl);
+void vip_gen_chunk_update(struct qdl_device *qdl, const void *buf, size_t len);
+void vip_gen_chunk_store(struct qdl_device *qdl);
+void vip_gen_finalize(struct qdl_device *qdl);
+
 int firehose_run(struct qdl_device *qdl, const char *incdir, const char *storage, bool allow_missing);
 int sahara_run(struct qdl_device *qdl, char *img_arr[], bool single_image,
 	       const char *ramdump_path, const char *ramdump_filter);

sim.c

@@ -30,12 +30,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "qdl.h"
-
-struct qdl_device_sim
-{
-	struct qdl_device base;
-};
+#include "sim.h"
 
 static int sim_open(struct qdl_device *qdl, const char *serial)
 {

sim.h

@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2025, Qualcomm Innovation Center, Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its contributors
+ * may be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef __SIM_H__
+#define __SIM_H__
+
+#include "qdl.h"
+#include "vip.h"
+
+struct qdl_device_sim
+{
+	struct qdl_device base;
+	struct vip_table_generator vip_gen;
+	bool create_digests;
+};
+
+#endif /* __SIM_H__ */

usb.c

@@ -9,10 +9,6 @@
 
 #include "qdl.h"
 
-#define container_of(ptr, typecast, member) ({                  \
-	void *_ptr = (void *)(ptr);		                \
-	((typecast *)(_ptr - offsetof(typecast, member))); })
-
 #define DEFAULT_OUT_CHUNK_SIZE (1024 * 1024)
 
 struct qdl_device_usb