Commit graph

83 commits

Author SHA1 Message Date
Pali Rohár
2fdba4f658 tools: kwbimage: Add support for NAND_PAGE_SIZE command also for v1 images
The NAND_PAGE_SIZE command is already supported by mkimage for v0 images,
but not for v1 images.

A38x and A39x BootROM supports reading NAND flash page size from v1 image
in the same way as Kirkwood BootROM from v0 image. It it documented in A38x
and A39x Functional Specification.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-10-28 10:33:32 +02:00
Pali Rohár
e58f08b479 tools: kwbimage: Align BIN header executable code to 128-bit boundary
ARM executable code inside the BIN header on some mvebu platforms
(e.g. A370, AXP) must always be aligned with the 128-bit boundary. This
requirement can be met by inserting dummy arguments into BIN header.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-10-28 10:33:32 +02:00
Pali Rohár
8010f4ffc5 tools: kwbimage: Update comments describing kwbimage v1 structures
These structures are relevant for several other platforms, mention them
all.

Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-10-01 11:07:13 +02:00
Marek Behún
fe2fd73d55 tools: kwbimage: Refactor kwbimage header size determination
Add functions kwbheader_size() and kwbheader_size_for_csum().

Refactor code determining header size to use these functions.

Refactor header checksum determining function.

Remove stuff that is not needed anymore.

This simplifies the code a little and fixes one instance of validating
header size meant for checksum instead of whole header size.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-10-01 11:07:13 +02:00
Marek Behún
acb0b38d6a tools: kwbimage: Refactor image_version()
Rename this function to kwbimage_version() and don't cast argument if
not needed.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-10-01 11:07:13 +02:00
Marek Behún
732c930b21 tools: kwbimage: Simplify iteration over version 1 optional headers
Create macro
  for_each_opt_hdr_v1
and functions
  opt_hdr_v1_size(),
  opt_hdr_v1_valid_size(),
  opt_hdr_v1_ext(),
  opt_hdr_v1_first() and
  opt_hdr_v1_next()
to simplify iteration over version 1 optional headers.

This prevents ugly code repetition and makes it nicer to read.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
2021-10-01 11:07:13 +02:00
Marek Behún
3b5da64edf tools: kwbimage: Fix printf format warning
On 32-bit ARM the compiler complains:
  tools/kwbimage.c:547: warning: format ‘%lu’ expects argument of type
                                 ‘long unsigned int’, but argument 4 has
		                 type ‘unsigned int’

Fix this by using %zu instead of %lu format specifier.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-10-01 11:07:13 +02:00
Pali Rohár
4116a0f38a tools: kwbimage: Remove comment about unimplemented register headers in v1 images
Support for register headers in v1 images was implemented in commit
02ba70ad68 ("tools: kwbimage: Add support for DATA command also for v1
images"). So remove old comment.

Signed-off-by: Pali Rohár <pali@kernel.org>
Fixes: 02ba70ad68 ("tools: kwbimage: Add support for DATA command also for v1 images")
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-01 08:09:24 +02:00
Heinrich Schuchardt
f0317d7882 kwbimage: check return value of image_get_csk_index
image_get_csk_index() may return -1 in case of an error. Don't use this
value as index.

This resolves Coverity CID 338488
Memory - illegal accesses  (NEGATIVE_RETURNS)

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
2021-09-01 08:09:24 +02:00
Heinrich Schuchardt
f858bb2e6c kwbimage: check fopen() return value
Always check the return value of fopen().

This resolves Coverity CID 338491:
Null pointer dereferences (NULL_RETURNS)

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Pali Rohár <pali@kernel.org>
2021-09-01 08:09:24 +02:00
Pali Rohár
e515a33040 tools: kwbimage: Use IBR_HDR_* constants instead of raw numbers
There are already IBR_HDR_* constants for these numbers, so use them.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-01 08:07:04 +02:00
Pali Rohár
a008dbaa8c tools: kwbimage: Verify size of image data
Part of image data is 4 byte checksum, so every image must contain at least
4 bytes. Verify it to prevent memory corruptions.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-01 08:07:04 +02:00
Pali Rohár
33a0af2d80 tools: kwbimage: Verify size of v0 image header
Check that extended image header size is not larger than file size.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-01 08:07:04 +02:00
Pali Rohár
b984056fa6 tools: kwbimage: Verify supported image version
Only image versions 0 and 1 are supported. Verify it in
kwbimage_verify_header() function.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-09-01 08:07:04 +02:00
Pali Rohár
3d7b93d51c kwbimage: Update help message about how to extract from an existing image
Extracting is now supported by dumpimage, so mention it in help instead
of `kwbimage -x`.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-31 09:59:58 +02:00
Pali Rohár
aa6943ca31 kwbimage: Add support for extracting images via dumpimage tool
The kwbimage library does not support extracting subimages. Implement it.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-31 09:59:58 +02:00
Pali Rohár
ad906753c2 tools: kwbimage: Remove v1 kwbimage SPL padding to CONFIG_SYS_U_BOOT_OFFS bytes
This padding depends on board config file and therefore it makes the
mkimage binary tool board specific, which is not correct. One cannot use
mkimage tool built as a result for board A to generate images for board
B, even if both A and B are on the same platform.

This CONFIG_SYS_U_BOOT_OFFS padding was needed when kwbimage v1 contained
SPL code which loaded U-Boot proper based on CONFIG_SYS_U_BOOT_OFFS,
instead of reading correct offset from kwbimage header.

Now that SPL code parses kwbimage header and deterinate correct offset,
there is no need for this CONFIG_SYS_U_BOOT_OFFS padding anymore.

By removing it we also reduce the size of SPL code and therefore also
decrease the final size of v1 kwbimage. This means there is more space
for U-Boot proper binary.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-31 09:59:58 +02:00
Pali Rohár
19a81bdb3e tools: dumpimage: Show error message when trying to extract data from kwbimage
There is no code for extracting data from kwbimage, so show an error
message when user tries this via e.g. dumpimage call:
  ./tools/dumpimage -T kwbimage -o /tmp/out u-boot-spl.kwb

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-31 09:49:31 +02:00
Pali Rohár
a18ae18a59 tools: dumpimage: Fix crashing when trying to extract data from kwbimage
Trying to call the following command causes NULL pointer dereference in
strlen():
  ./tools/dumpimage -T kwbimage -o /tmp/out u-boot-spl.kwb

Fix it by checking whether params->imagename is non-NULL before calling
strlen().

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-31 09:49:31 +02:00
Pali Rohár
b4f3cc2c42 tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X
The mkimage host tool can be used to generate kwbimage v1 image with
secure header on host system for A38x plaform also when U-Boot is being
compiled for different platform. So there is no reason to not allow
compiling of mkimage/kwbimage with secure header support for e.g. x86-64
host.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
f63c583f9d tools: kwbimage: Add support for a new DATA_DELAY command
This command is supported only by v1 images and specifies a milliseconds
delay after executing some set of DATA commands. The special string value
SDRAM_SETUP instructs BootROM to setup SDRAM controller instead of
executing delay. SDRAM_SETUP may be specified only once and after the
last DATA command.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
02ba70ad68 tools: kwbimage: Add support for DATA command also for v1 images
The DATA command is already supported by mkimage for v0 images, but not
for v1 images.

BootROM code which executes v1 images also supports DATA command via an
optional extended v1 header OPT_HDR_V1_REGISTER_TYPE.

Implement support for DATA command for v1 images.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
c9b2134b6f tools: kwbimage: Don't parse PAYLOAD keyword
The PAYLOAD keyword does nothing. No code is using it and both mkimage
and kwbimage completely ignore it. It looks like a relict from the past.
The payload image itself can be specified only via -d parameter to
mkimage.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
d9fb82c508 tools: kwbimage: Add support for more BINARY headers
The kwbimage v1 format supports multiple BINARY executable headers.
Add support for it into mkimage/kwbimage tool.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
6458fd4fb1 tools: kwbimage: Fix calculating size of binary header
Binary header consist of:
* 1 byte for header type
* 3 bytes for header size
* 1 byte for number of arguments
* 3 reserved bytes
* N*4 bytes for arguments
* M bytes (aligned to 4 bytes) for executable data
* 1 byte for information about next header
* 3 reserved bytes

The first four bytes are specified as
  sizeof(struct opt_hdr_v1)
and the remaining bytes as
  ALIGN(s.st_size, 4) + (binarye->binary.nargs + 2) * sizeof(uint32_t)

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-31 09:49:31 +02:00
Pali Rohár
6c7f152eef tools: kwbimage: Change maximum number of arguments in binary header to 256
The number is stored in one byte, so the maximum should be 255.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
2021-07-31 09:49:31 +02:00
Pali Rohár
cc3443ffa0 tools: kwbimage: Use -a parameter (load address) for v1 images
The data part of v1 kwbimage currently contains U-Boot binary prepended
by 64 bytes long Legacy U-Boot image header. This means that the load
address is currently substracted by 64 bytes to ensure that U-Boot's
entry point is at specified execution address.

As mkimage has already separate arguments for load (-a) and execution
(-e) address, there is no need to derive fixed load address from
execution address.

Therefore remove this load address hack from the kwbimage tool and
support generating v1 kwbimage with arbitrary addresses for load and
execution.

Finally, calculate correct load address by caller for mkimage tool in
Makefile. File u-boot-spl.kwb is always a v1 kwbimage and it is the only
v1 kwbimage which U-Boot's build system generates.

Remove also useless overwriting of destaddr for /binary.0 to the value
which is already set on previous lines.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
34dcf952d8 tools: kwbimage: Print size of binary header in kwbimage_print_header()
The binary header in kwbimage contains executable SPL code.

Print information about this binary header and not only information
about it's data part.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
e0c243c398 tools: kwbimage: Validate data checksum of v1 images
The data part of v1 images contains 32-bit checksum after the data.
Validate whether this checksum is correct.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
9380445f65 tools: kwbimage: Validate extended headers of v1 images
Add basic checks for extended headers of v1 images.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
fe2c0e259b tools: kwbimage: Fix check for v0 extended header checksum
Extended header checksum for v0 image is present only in the case when
extended header is present. Skip checksum validation if extended header
is not present.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
4efbf1c327 tools: kwbimage: Don't crash when binary file name does not contain '/'
In the case when the file name is specified relative to the current
working directory, it does not contain '/' character and strrchr()
returns NULL.

The following strcmp() function then crashes on NULL pointer
dereference.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
501a54a29c tools: kwbimage: Fix generation of SATA, SDIO and PCIe images
SATA and SDIO images must be aligned to sector size (which in most cases
is 512 bytes) and Source Address in main header is stored in number of
sectors from the beginning of the drive. SATA image must be stored at
sector 1 and SDIO image at sector 0. Source Address for PCIe image is
not used and must be set to 0xFFFFFFFF.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
c934aad06c tools: kwbimage: Align SPI and NAND images to 256 bytes
Writing into SPI NOR and NAND memory can be done only in 256 bytes long
blocks. Align final image size so that when it is burned into SPI NOR or
NAND memory via U-Boot's commands (sf or mtd), we can use the $filesize
variable directly as the length argument.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Pali Rohár
37cb9c15d7 tools: kwbimage: Simplify aligning and calculating checksum
The return value of kwbimage_generate() is used for aligning the data
part of kwbimage. Use it for calculating proper 4 byte alignment as is
required by BootROM and also use it for allocating additional 4 bytes
for the 32-bit data checksum.

This simplifies the alignment code to be only at one place (in function
kwbimage_generate) and also simplifies setting checksum as it can be
directly updated in memory.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
2021-07-31 09:49:31 +02:00
Kever Yang
e002ee7efc tools: kwbimage: use common ALIGN to do the size align
The ALIGN() is now available at imagetool.h, migrate to use it.

Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Stefan Roese <sr@denx.de>
2020-04-24 10:10:00 -04:00
Young Xiao
2251512345 kwbimage: fixing the issue with proper return code checking
EVP_VerifyFinal would return one of three values:
1 if the data is verified to be correct;
0 if it is incorrect;
-1 if there is any failure in the verification process.

The varification in unpatched version is wrong, since it ignored
the return value of -1.

The bug allows a malformed signature to be treated as a good
signature rather than as an error. This issue affects the
signature checks on DSA ans ECDSA keys used with SSL/TLS.

This issue is similar to CVE-2008-5077, CVE-2009-0021,
CVE-2009-0025, CVE-2009-0046 ~ CVE-2009-0049.

Signed-off-by: Young Xiao <92siuyang@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
2019-05-03 08:14:39 +02:00
Chris Packham
8cbafd1448 tools: kwbimage: don't adjust for image_header for Armada MSYS
For the time being the Armada MSYS SoCs need to use the bin_hdr from the
Marvell U-Boot. Because of this the binary.0 does not contain the image
header that a proper u-boot SPL would so the adjustment introduced by
commit 94084eea3b ("tools: kwbimage: Fix dest addr") does not apply.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2019-04-12 07:04:18 +02:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Alexander Graf
6cd5678c45 kwbimage: Fix out of bounds access
The kwbimage format is reading beyond its header structure if it
misdetects a Xilinx Zynq image and tries to read it. Fix it by
sanity checking that the header we want to read fits inside our
file size.

Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2018-03-30 12:52:48 +02:00
Jonathan Gray
a2d5efd74f tools/kwbimage: fix LibreSSL build
Fix build after addition of RSA_get0_key() to LibreSSL.
Patch from Theo Buehler and Stuart Henderson.

Signed-off-by: Theo Buehler <tb@openbsd.org>
Signed-off-by: Stuart Henderson <sthen@openbsd.org>
2018-02-23 10:40:51 -05:00
Baruch Siach
db7cd4ed33 tools/kwbimage: fix v1 header verification
The verify_header callback in kwbimage.c only verifies v0 headers checksum.
Running 'mkimage -l' on a v1 image gives the following misleading output:

GP Header: Size ae000000 LoadAddr 34160600

Implement support for v1 headers. For that, factor out the header checksum code
to a separate main_hdr_checksum_ok() routine. This routine relies on the fact
that the checksum field offset is the same in both v0 and v1 headers. With this
patch applied 'mkimage -l' correctly identifies the image:

Image Type:   MVEBU Boot from sdio Image
Image version:1
Data Size:    398904 Bytes = 389.55 KiB = 0.38 MiB
Load Address: 007fffc0
Entry Point:  00800000

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-07-12 06:57:55 +02:00
Marek Behún
56491f98d4 tools/kwbimage: Support building with LibreSSL
The kwbimage utility fails to compile when LibreSSL is present on
the host system instead of OpenSSL. This one-line patch resolves
this.

Signed-off-by: Marek Behun <marek.behun@nic.cz>
2017-06-09 20:34:57 -04:00
Patrick Wildt
6cbf7eda3c arm: mvebu: kwbimage: inline function to fix use-after-free
image_version_file()'s only use is to return the version number of the
specified image, and it's only called by kwbimage_generate().  This
version function mallocs "image_cfg" and reads the contents of the image
into that buffer.  Before return to its caller it frees the buffer.

After extracting the version, kwb_image_generate() tries to calculate
the header size by calling image_headersz_v1().  This function now
accesses "image_cfg", which has already been freed.

Since image_version_file() is only used by a single function, inline it
into kwbimage_generate() and only free the buffer after it is no longer
needed.  This also improves code readability since the code is mostly
equal to kwbimage_set_header().

Signed-off-by: Patrick Wildt <patrick@blueri.se>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-05-31 07:43:04 +02:00
Jelle van der Waa
e15843b115 tools: kwbimage fix build with OpenSSL 1.1.x
The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.

EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2017-05-12 08:37:20 -04:00
Mario Six
1f6c8a5733 tools: kwbimage: Fix unchecked return value and fd leak
The return value of fstat was not checked in kwbimage, and in the case
of an error, the already open file was not closed. Fix both errors.

Reported-by: Coverity (CID: 155971)
Reported-by: Coverity (CID: 155969)
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-17 10:15:21 +01:00
Mario Six
a1b6b0a9c1 arm: mvebu: Implement secure boot
The patch implements secure booting for the mvebu architecture.

This includes:
- The addition of secure headers and all needed signatures and keys in
  mkimage
- Commands capable of writing the board's efuses to both write the
  needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
  commands to write the efuses

The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.

Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:18 +01:00
Mario Six
4991b4f7f1 tools: kwbimage: Refactor line parsing and fix error
The function image_create_config_parse_oneline is pretty complex, and
since more parameters will be added to support secure booting, we
refactor the function to make it more readable.

Also, when a line contained just a keyword without any parameters,
strtok_r returned NULL, which was then indiscriminately fed into atoi,
causing a segfault. To correct this, we add a NULL check before feeding
the extracted token to atoi, and print an error message in case the
token is NULL.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:11 +01:00
Mario Six
79066ef8c9 tools: kwbimage: Factor out add_binary_header_v1
In preparation of adding the creation of secure headers, we factor the
add_binary_header_v1 function out of the image_create_v1 function.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:06 +01:00
Mario Six
e93cf53f14 tools: kwbimage: Remove unused parameter
The parameter 'params' of the image_headersz_v1 function is never used
by the function.

Hence, remove it.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:59 +01:00