Commit graph

145 commits

Author SHA1 Message Date
Heiko Schocher
29a23f9d6c tools, fit_check_sign: verify a signed fit image
add host tool "fit_check_sign" which verifies, if a fit image is
signed correct.

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:40:38 -04:00
Heiko Schocher
db1b5f3d20 rsa: add sha256,rsa4096 algorithm
Add support for sha256,rsa4096 signatures in u-boot.

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
Cc: andreas@oetken.name
2014-03-21 16:39:35 -04:00
Heiko Schocher
646257d1f4 rsa: add sha256-rsa2048 algorithm
based on patch from andreas@oetken.name:

http://patchwork.ozlabs.org/patch/294318/
commit message:
I currently need support for rsa-sha256 signatures in u-boot and found out that
the code for signatures is not very generic. Thus adding of different
hash-algorithms for rsa-signatures is not easy to do without copy-pasting the
rsa-code. I attached a patch for how I think it could be better and included
support for rsa-sha256. This is a fast first shot.

aditionally work:
- removed checkpatch warnings
- removed compiler warnings
- rebased against current head

Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: andreas@oetken.name
Cc: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:34 -04:00
Heiko Schocher
2842c1c242 fit: add sha256 support
add sha256 support to fit images

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:33 -04:00
Masahiro Yamada
95f7062710 fdt: rename IMAAGE_OF_BOARD_SETUP to IMAGE_OF_BOARD_SETUP
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
2014-02-19 10:47:30 -05:00
Alexey Brodkin
bc5d542880 arc: bdinfo, image and arc-specific init functions declarations support
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>

Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Francois Bedard <fbedard@synopsys.com>
Cc: Wolfgang Denk <wd@denx.de>
Cc: Heiko Schocher <hs@denx.de>
2014-02-07 08:14:33 -05:00
David Feng
0ae7653128 arm64: core support
Relocation code based on a patch by Scott Wood, which is:
Signed-off-by: Scott Wood <scottwood@freescale.com>

Signed-off-by: David Feng <fenghua@phytium.com.cn>
2014-01-09 16:08:44 +01:00
Marek Vasut
bce8837071 ARM: mxs: tools: Add mkimage support for MXS bootstream
Add mkimage support for generating and verifying MXS bootstream.
The implementation here is mostly a glue code between MXSSB v0.4
and mkimage, but the long-term goal is to rectify this and merge
MXSSB with mkimage more tightly. Once this code is properly in
U-Boot, MXSSB shall be deprecated in favor of mkimage-mxsimage
support.

Note that the mxsimage generator needs libcrypto from OpenSSL, I
therefore enabled the libcrypto/libssl unconditionally.

MXSSB: http://git.denx.de/?p=mxssb.git;a=summary

The code is based on research presented at:
http://www.rockbox.org/wiki/SbFileFormat

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Otavio Salvador <otavio@ossystems.com.br>
2013-08-31 15:26:52 +02:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Simon Glass
f320a4d845 bootm: Use selected configuration for ramdisk and fdt
If a specific configuraion is selected by the bootm command, e.g. with
'bootm 84000000#recoveryconf' we must honour this for not just the kernel,
but also the ramdisk and FDT.

In the conversion to using a common fit_image_load() function for loading
images from FITs (commits a51ec63 and 53f375f) this feature was lost.
Reinstate it by passing the selected configuration back from
fit_image_load() to boot_get_kernel(), then use this configuration
(which is stored in images->fit_uname_cfg) in both boot_get_ramdisk()
and boot_get_fdt().

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-07-12 10:32:39 -04:00
Simon Glass
a5266d6b5d bootm: Clean up bootz_setup() function
This function has no prototype in the headers and passes void * around, thus
requiring several casts. Tidy this up.

- Add new patch to clean up bootz_setup() function

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-07-10 09:15:14 -04:00
Simon Glass
29ce737d6f mkimage: Build signing only if board has CONFIG_FIT_SIGNATURE
At present mkimage is set up to always build with image signing support.
This means that the SSL libraries (e.g. libssl-dev) are always required.

Adjust things so that mkimage can be built with and without image signing,
controlled by the presence of CONFIG_FIT_SIGNATURE in the board config file.

If CONFIG_FIT_SIGNATURE is not enabled, then mkimage will report a warning
that signing is not supported. If the option is enabled, but libraries are
not available, then a build error similar to this will be shown:

lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-28 16:26:52 -04:00
Simon Glass
4d0985295b image: Add support for signing of FIT configurations
While signing images is useful, it does not provide complete protection
against several types of attack. For example, it it possible to create a
FIT with the same signed images, but with the configuration changed such
that a different one is selected (mix and match attack). It is also possible
to substitute a signed image from an older FIT version into a newer FIT
(roll-back attack).

Add support for signing of FIT configurations using the libfdt's region
support.

Please see doc/uImage.FIT/signature.txt for more information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
56518e7104 image: Support signing of images
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
3e569a6b1e image: Add signing infrastructure
Add a structure to describe an algorithm which can sign and (later) verify
images.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
d0ae31eb07 Add a 'fake' go command to the bootm command
For tracing it is useful to run as much of U-Boot as possible so as to get
a complete picture. Quite a bit of work happens in bootm, and we don't want
to have to stop tracing before bootm starts.

Add a way of doing a 'fake' boot of the OS - which does everything up to
the point where U-Boot is about to jump to the OS image. This allows
tracing to record right until the end.

This requires arch support to work.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
35fc84fa1f Refactor the bootm command to reduce code duplication
At present the bootm code is mostly duplicated for the plain 'bootm'
command and its sub-command variant. This makes the code harder to
maintain and means that changes must be made to several places.

Introduce do_bootm_states() which performs selected portions of the bootm
work, so that both plain 'bootm' and 'bootm <sub_command>' can use the
same code.

Additional duplication exists in bootz, so tidy that up as well. This
is not intended to change behaviour, apart from minor fixes where the
previously-duplicated code missed some chunks of code.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
4651800d51 image: Use fit_image_load() to load kernel
Use the new common code to load a kernel. The functionality should not
change.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
53f375fa81 image: Use fit_image_load() to load FDT
Use the new common code to load a flat device tree. Also fix up a few casts
so that this code works with sandbox. Other than that the functionality
should not change.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
a51ec63b85 image: Use fit_image_load() to load ramdisk
Use the new common code to load a ramdisk. The functionality should not
change.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
782cfbb259 image: Introduce fit_image_load() to load images from FITs
At present code to load an image from a FIT is duplicated in the three
places where it is needed (kernel, fdt, ramdisk).

The differences between these different code copies is fairly minor.
Create a new function in the fit code which can handle any of the
requirements of those cases.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
13d06981a9 image: Add device tree setup to image library
This seems to be a common function for several architectures, so create
a common function rather than duplicating the code in each arch.

Also make an attempt to avoid introducing #ifdefs in the new code, partly
by removing useless #ifdefs around function declarations in the image.h
header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
87ebee39e9 image: Add CONFIG_FIT_SPL_PRINT to control FIT image printing in SPL
This code is very large, and in SPL it isn't always useful to print
out image information (in fact there might not even be a console
active). So disable this feature unless this option is set.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
1fe7d93891 image: Remove remaining #ifdefs in image-fit.c
There are only two left. One is unnecessary and the other can be moved
to the header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
35e7b0f179 sandbox: image: Add support for booting images in sandbox
Much of the image code uses addresses as ulongs and pointers interchangeably,
casting between the two forms as needed.

This doesn't work with sandbox, which has a U-Boot RAM buffer which is
separate from the host machine's memory.

Adjust the cost so that translating from a U-Boot address to a pointer uses
map_sysmem(). This allows bootm to work correctly on sandbox.

Note that there are no exhaustive tests for this code on sandbox, so it is
possible that some dark corners remain.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
2013-05-14 15:37:25 -04:00
Simon Glass
d8b75360ee image: Rename hash printing to fit_image_print_verification_data()
This function will be used to print signatures as well as hashes, so rename
it. Also make it static since it is not used outside this file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
bbb467dc3c image: Rename fit_add_hashes() to fit_add_verification_data()
We intend to add signatures to FITs also, so rename this function so that
it is not specific to hashing. Also rename fit_image_set_hashes() and
make it static since it is not used outside this file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
003efd7da4 image: Export fit_conf_get_prop_node()
This function will be needed by signature checking code, so export it,
and also add docs.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
ab9efc665a image: Move hash checking into its own function
The existing function is long and most of the code is indented a long
way. Before adding yet more code, split this out into its own function.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
2013-05-14 15:37:25 -04:00
Simon Glass
b8da836650 image: Rename fit_image_check_hashes() to fit_image_verify()
This is the main entry point to the FIT image verification code. We will
be using it to handle image verification with signatures, so rename the
function.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
b7260910dc image: Convert fit_image_hash_set_value() to static, and rename
This function doesn't need to be exported, and with verification
we want to use it for setting the 'value' property in any node,
so rename it.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
604f23dde0 image: Move HOSTCC image code to tools/
This code is never compiled into U-Boot, so move it into a separate
file in tools/ to avoid the large #ifdef.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
61a439a873 image: Export fit_check_ramdisk()
One we split out the FIT code from image.c we will need this function.
Export it in the header.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
859e92b775 image: Move timestamp #ifdefs to header file
Rather than repeat the line
 #if defined(CONFIG_TIMESTAMP) || defined(CONFIG_CMD_DATE) || \
	defined(USE_HOSTCC)

everywhere, put this in a header file and #define IMAGE_ENABLE_TIMESTAMP
to either 1 or 0. Then we can use a plain if() in most code and avoid
the #ifdefs.

The compiler's dead code elimination ensures that the result is the same.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Steven Stallion
04d414090c image: Add support for Plan 9
Signed-off-by: Steven Stallion <sstallion@gmail.com>
Cc: Tom Rini <trini@ti.com>
Reviewed-by: Tom Rini <trini@ti.com>
2013-03-27 15:30:11 -04:00
Kim Phillips
12e06fe03f treewide: include libfdt_env.h before fdt.h
and, if including libfdt.h which includes libfdt_env.h in
the correct order, don't include fdt.h before libfdt.h.

this is needed to get the fdt type definitions set from
the project environment before fdt.h uses them.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Cc: Jerry Van Baren <gvb.uboot@gmail.com>
2013-02-07 20:38:55 -05:00
Albert ARIBAUD
7528cf5f01 Merge branch 'u-boot-imx/master' into 'u-boot-arm/master' 2013-01-08 14:59:37 +01:00
Fabio Estevam
1411fb37b5 tools: imximage: Load a size that is multiple of 512
In order to mx53 ROM to properly load the U-boot image, its header size should
be multiple of 512 bytes.

This issue was observed with gcc 4.6.2/4.7.3, which caused data aborts:

U-Boot 2013.01-rc2-00172-gf8cfcf1-dirty (Dec 26 2012 - 13:13:28)

Board: MX53 LOCO
I2C:   ready
DRAM:  1 GiB
MMC:   FSL_SDHC: 0, FSL_SDHC: 1
In:    serial
Out:   serial
Err:   serial
CPU:   Freescale i.MX53 family rev2.1 at 1000 MHz
Reset cause: WDOG
Net:   FEC
Warning: FEC using MAC address from net device

Hit any key to stop autoboot:  0
data abort

    MAYBE you should read doc/README.arm-unaligned-accesses

pc : [<aff72220>]          lr : [<aff721fc>]
sp : af565e20  ip : af566918     fp : 00000000
r10: 00000003  r9 : affabb5b     r8 : af565f58
r7 : 00000000  r6 : 36747fff     r5 : af5668e8  r4 : 36747fff
r3 : af5668ec  r2 : af5668eb     r1 : 00000000  r0 : af5668e8
Flags: NzcV  IRQs off  FIQs off  Mode SVC_32
Resetting CPU ...

resetting ...

,and this patch fixes it.

Also, even though the ROUND macro is already defined in common.h,
the reason for redefining it in image.h is explained by Stefano Babic:

"I will remark a previous comment - even if including common.h seems a
good idea to avoid duplications, it makes tools like mkimage to depend
on the selected board, because <board>_config must run. Even if this is
not a problem for us u-boot developers, it becomes an issue when these
tools are included in distros (like u-boot-tools in Ubuntu) and cannot
be packaged."

Signed-off-by: Troy Kisky <troy.kisky@boundarydevices.com>
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
2013-01-05 18:09:00 +01:00
Joe Hershberger
ec8a252cd4 env: Use getenv_yesno() more generally
Move the getenv_yesno() to env_common.c and change most checks for
'y' or 'n' to use this helper.

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2012-12-13 11:46:55 -07:00
Gabe Black
d95f6ec733 fdt: Add option to default to most compatible conf in a fit image
When booting a fit image with multiple configurations, the user either has to
specify which configuration to use explicitly, or there has to be a default
defined which is chosen automatically. This change adds an option to change
that behavior so that a configuration can be selected explicitly, or the
configuration which has the device tree that claims to be compatible with the
earliest item in U-Boot's device tree.

In other words, if U-Boot claimed to be compatible with A, B, and then C, and
the configurations claimed to be compatible with A, D and B, D and D, E, the
first configuration, A, D, would be chosen. Both the first and second
configurations match, but the first one matches a more specific entry in
U-Boot's device tree. The order in the kernel's device tree is ignored.

Signed-off-by: Gabe Black <gabeblack@google.com>

Commit-Ready: Gabe Black <gabeblack@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
2012-11-12 23:14:57 -05:00
Kim Phillips
2f220500a4 include/image.h: sparse fixes
include/image.h:378:1: warning: cast to restricted __be32
include/image.h:381:1: warning: cast to restricted __be32
include/image.h:382:1: warning: cast to restricted __be32
include/image.h:383:1: warning: cast to restricted __be32

fix by annotating image header integers big endian.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
2012-11-04 11:00:35 -07:00
Joe Hershberger
8ac88f2d28 fdt: Check for a token to skip auto-hash validation
Allow the itb file to declare to u-boot that its hash should not be
checked automatically on bootm or iminfo.  This allows an image to
either be checked automatically or to include a script which may
check it otherwise (such as after part of the itb has been relocated
to RAM by the script).

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2012-10-15 19:20:32 -04:00
Shaohui Xie
5d898a00f3 powerpc/CoreNet: add tool to support pbl image build.
Provides a tool to build boot Image for PBL(Pre boot loader) which is
used on Freescale CoreNet SoCs, PBL can be used to load some instructions
and/or data for pre-initialization. The default output image is u-boot.pbl,
for more details please refer to doc/README.pblimage.

Signed-off-by: Shaohui Xie <Shaohui.Xie@freescale.com>
Signed-off-by: Andy Fleming <afleming@freescale.com>
2012-08-23 10:24:16 -05:00
Mike Frysinger
314f634b48 image/fit: drop inline markings on parser code
Putting "inline" on extern funcs makes no sense, so drop them.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
2012-04-30 16:38:54 +02:00
Simon Schwarz
1648a37505 Add cmd_spl command
This adds a spl command to the u-boot.

Related config:
CONFIG_CMD_SPL
	activate/deactivate the command
CONFIG_CMD_SPL_NAND_OFS
	Offset in NAND to use

Signed-off-by: Simon Schwarz <simonschwarzcor@gmail.com>
Signed-off-by: Stefano Babic <sbabic@denx.de>
CC: Tom Rini <tom.rini@gmail.com>
CC: Wolfgang Denk <wd@denx.de>
2012-03-27 22:05:28 +02:00
Stefan Kristiansson
3ddcaccda3 openrisc: Add architecture image support
Signed-off-by: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>
2012-01-13 21:16:40 +01:00
Stephen Warren
b9b50e89d3 image: Implement IH_TYPE_KERNEL_NOLOAD
The legacy uImage format includes an absolute load and entry-point
address. When bootm operates on a kernel uImage in memory that isn't
loaded at the address in the image's load address, U-Boot will copy
the image to its address in the header.

Some kernel images can actually be loaded and used at any arbitrary
address. An example is an ARM Linux kernel zImage file. To represent
this capability, IH_TYPE_KERNEL_NOLOAD is implemented, which operates
just like IH_TYPE_KERNEL, except that the load address header is
ignored, and U-Boot does not copy the image to its load address, but
rather uses it in-place.

This is useful when sharing a single (uImage-wrapped) zImage across
multiple boards with different memory layouts; in this case, a specific
load address need not be picked when creating the uImage, but instead
is selected by the board-specific U-Boot environment used to load and
boot that image.

v2: Rename from IH_TYPE_KERNEL_ANYLOAD to IH_TYPE_KERNEL_NOLOAD.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Stefan Roese <sr@denx.de>
2011-12-01 09:45:35 +01:00
Stefan Kristiansson
f52138ae87 Fix clash between IH_ARCH_NDS32 and IH_ARCH_SANDBOX
NDS32 and SANDBOX architecture were sharing the same IH_ARCH number

Signed-off-by: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>
Acked-by: Macpaul Lin <macpaul@andestech.com>
Acked-by: Marek Vasut <marek.vasut@gmail.com>
2011-11-23 14:06:28 +08:00
Thierry Reding
7566832a88 image: Fix inverted logic in architecture check.
Commit 476af29 broke this check when the ifdef lists we consolidated.

Signed-off-by: Thierry Reding <thierry.reding@avionic-design.de>
Acked-by: Mike Frysinger <vapier@gentoo.org>
2011-10-27 23:53:58 +02:00
Stefano Babic
4962e38e9a mkimage: adding support for Davinci AIS image
Some Davinci processors supports the Application
Image Script (AIS) boot process. The patch adds the generation
of the AIS image inside the mkimage tool to make possible
to generate a bootable U-boot without external tools
(TI Davinci AIS Generator).

Signed-off-by: Stefano Babic <sbabic@denx.de>
CC: Wolfgang Denk <wd@denx.de>
2011-10-23 23:34:21 +02:00