Only image versions 0 and 1 are supported. Verify it in
kwbimage_verify_header() function.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Extracting is now supported by dumpimage, so mention it in help instead
of `kwbimage -x`.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
The kwbimage library does not support extracting subimages. Implement it.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
This padding depends on board config file and therefore it makes the
mkimage binary tool board specific, which is not correct. One cannot use
mkimage tool built as a result for board A to generate images for board
B, even if both A and B are on the same platform.
This CONFIG_SYS_U_BOOT_OFFS padding was needed when kwbimage v1 contained
SPL code which loaded U-Boot proper based on CONFIG_SYS_U_BOOT_OFFS,
instead of reading correct offset from kwbimage header.
Now that SPL code parses kwbimage header and deterinate correct offset,
there is no need for this CONFIG_SYS_U_BOOT_OFFS padding anymore.
By removing it we also reduce the size of SPL code and therefore also
decrease the final size of v1 kwbimage. This means there is more space
for U-Boot proper binary.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
There is no code for extracting data from kwbimage, so show an error
message when user tries this via e.g. dumpimage call:
./tools/dumpimage -T kwbimage -o /tmp/out u-boot-spl.kwb
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Trying to call the following command causes NULL pointer dereference in
strlen():
./tools/dumpimage -T kwbimage -o /tmp/out u-boot-spl.kwb
Fix it by checking whether params->imagename is non-NULL before calling
strlen().
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
The mkimage host tool can be used to generate kwbimage v1 image with
secure header on host system for A38x plaform also when U-Boot is being
compiled for different platform. So there is no reason to not allow
compiling of mkimage/kwbimage with secure header support for e.g. x86-64
host.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
This command is supported only by v1 images and specifies a milliseconds
delay after executing some set of DATA commands. The special string value
SDRAM_SETUP instructs BootROM to setup SDRAM controller instead of
executing delay. SDRAM_SETUP may be specified only once and after the
last DATA command.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
The DATA command is already supported by mkimage for v0 images, but not
for v1 images.
BootROM code which executes v1 images also supports DATA command via an
optional extended v1 header OPT_HDR_V1_REGISTER_TYPE.
Implement support for DATA command for v1 images.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
The PAYLOAD keyword does nothing. No code is using it and both mkimage
and kwbimage completely ignore it. It looks like a relict from the past.
The payload image itself can be specified only via -d parameter to
mkimage.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
The kwbimage v1 format supports multiple BINARY executable headers.
Add support for it into mkimage/kwbimage tool.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Tested-by: Chris Packham <judge.packham@gmail.com>
Binary header consist of:
* 1 byte for header type
* 3 bytes for header size
* 1 byte for number of arguments
* 3 reserved bytes
* N*4 bytes for arguments
* M bytes (aligned to 4 bytes) for executable data
* 1 byte for information about next header
* 3 reserved bytes
The first four bytes are specified as
sizeof(struct opt_hdr_v1)
and the remaining bytes as
ALIGN(s.st_size, 4) + (binarye->binary.nargs + 2) * sizeof(uint32_t)
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
The number is stored in one byte, so the maximum should be 255.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
The data part of v1 kwbimage currently contains U-Boot binary prepended
by 64 bytes long Legacy U-Boot image header. This means that the load
address is currently substracted by 64 bytes to ensure that U-Boot's
entry point is at specified execution address.
As mkimage has already separate arguments for load (-a) and execution
(-e) address, there is no need to derive fixed load address from
execution address.
Therefore remove this load address hack from the kwbimage tool and
support generating v1 kwbimage with arbitrary addresses for load and
execution.
Finally, calculate correct load address by caller for mkimage tool in
Makefile. File u-boot-spl.kwb is always a v1 kwbimage and it is the only
v1 kwbimage which U-Boot's build system generates.
Remove also useless overwriting of destaddr for /binary.0 to the value
which is already set on previous lines.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
The binary header in kwbimage contains executable SPL code.
Print information about this binary header and not only information
about it's data part.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
The data part of v1 images contains 32-bit checksum after the data.
Validate whether this checksum is correct.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
Add basic checks for extended headers of v1 images.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
Extended header checksum for v0 image is present only in the case when
extended header is present. Skip checksum validation if extended header
is not present.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
In the case when the file name is specified relative to the current
working directory, it does not contain '/' character and strrchr()
returns NULL.
The following strcmp() function then crashes on NULL pointer
dereference.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
SATA and SDIO images must be aligned to sector size (which in most cases
is 512 bytes) and Source Address in main header is stored in number of
sectors from the beginning of the drive. SATA image must be stored at
sector 1 and SDIO image at sector 0. Source Address for PCIe image is
not used and must be set to 0xFFFFFFFF.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
Writing into SPI NOR and NAND memory can be done only in 256 bytes long
blocks. Align final image size so that when it is burned into SPI NOR or
NAND memory via U-Boot's commands (sf or mtd), we can use the $filesize
variable directly as the length argument.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
The return value of kwbimage_generate() is used for aligning the data
part of kwbimage. Use it for calculating proper 4 byte alignment as is
required by BootROM and also use it for allocating additional 4 bytes
for the 32-bit data checksum.
This simplifies the alignment code to be only at one place (in function
kwbimage_generate) and also simplifies setting checksum as it can be
directly updated in memory.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
The ALIGN() is now available at imagetool.h, migrate to use it.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Stefan Roese <sr@denx.de>
EVP_VerifyFinal would return one of three values:
1 if the data is verified to be correct;
0 if it is incorrect;
-1 if there is any failure in the verification process.
The varification in unpatched version is wrong, since it ignored
the return value of -1.
The bug allows a malformed signature to be treated as a good
signature rather than as an error. This issue affects the
signature checks on DSA ans ECDSA keys used with SSL/TLS.
This issue is similar to CVE-2008-5077, CVE-2009-0021,
CVE-2009-0025, CVE-2009-0046 ~ CVE-2009-0049.
Signed-off-by: Young Xiao <92siuyang@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
For the time being the Armada MSYS SoCs need to use the bin_hdr from the
Marvell U-Boot. Because of this the binary.0 does not contain the image
header that a proper u-boot SPL would so the adjustment introduced by
commit 94084eea3b ("tools: kwbimage: Fix dest addr") does not apply.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
The kwbimage format is reading beyond its header structure if it
misdetects a Xilinx Zynq image and tries to read it. Fix it by
sanity checking that the header we want to read fits inside our
file size.
Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Fix build after addition of RSA_get0_key() to LibreSSL.
Patch from Theo Buehler and Stuart Henderson.
Signed-off-by: Theo Buehler <tb@openbsd.org>
Signed-off-by: Stuart Henderson <sthen@openbsd.org>
The verify_header callback in kwbimage.c only verifies v0 headers checksum.
Running 'mkimage -l' on a v1 image gives the following misleading output:
GP Header: Size ae000000 LoadAddr 34160600
Implement support for v1 headers. For that, factor out the header checksum code
to a separate main_hdr_checksum_ok() routine. This routine relies on the fact
that the checksum field offset is the same in both v0 and v1 headers. With this
patch applied 'mkimage -l' correctly identifies the image:
Image Type: MVEBU Boot from sdio Image
Image version:1
Data Size: 398904 Bytes = 389.55 KiB = 0.38 MiB
Load Address: 007fffc0
Entry Point: 00800000
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Stefan Roese <sr@denx.de>
The kwbimage utility fails to compile when LibreSSL is present on
the host system instead of OpenSSL. This one-line patch resolves
this.
Signed-off-by: Marek Behun <marek.behun@nic.cz>
image_version_file()'s only use is to return the version number of the
specified image, and it's only called by kwbimage_generate(). This
version function mallocs "image_cfg" and reads the contents of the image
into that buffer. Before return to its caller it frees the buffer.
After extracting the version, kwb_image_generate() tries to calculate
the header size by calling image_headersz_v1(). This function now
accesses "image_cfg", which has already been freed.
Since image_version_file() is only used by a single function, inline it
into kwbimage_generate() and only free the buffer after it is no longer
needed. This also improves code readability since the code is mostly
equal to kwbimage_set_header().
Signed-off-by: Patrick Wildt <patrick@blueri.se>
Signed-off-by: Stefan Roese <sr@denx.de>
The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.
EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
The return value of fstat was not checked in kwbimage, and in the case
of an error, the already open file was not closed. Fix both errors.
Reported-by: Coverity (CID: 155971)
Reported-by: Coverity (CID: 155969)
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Signed-off-by: Stefan Roese <sr@denx.de>
The patch implements secure booting for the mvebu architecture.
This includes:
- The addition of secure headers and all needed signatures and keys in
mkimage
- Commands capable of writing the board's efuses to both write the
needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
commands to write the efuses
The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
The function image_create_config_parse_oneline is pretty complex, and
since more parameters will be added to support secure booting, we
refactor the function to make it more readable.
Also, when a line contained just a keyword without any parameters,
strtok_r returned NULL, which was then indiscriminately fed into atoi,
causing a segfault. To correct this, we add a NULL check before feeding
the extracted token to atoi, and print an error message in case the
token is NULL.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
In preparation of adding the creation of secure headers, we factor the
add_binary_header_v1 function out of the image_create_v1 function.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
The parameter 'params' of the image_headersz_v1 function is never used
by the function.
Hence, remove it.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
This patch reduces the scope of some variables.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Arithmetic with void pointers, e.g. a - b where both a and b are void
pointers, is undefined in the C standard. Since we are operating with
byte data here, we switch the void pointers to uint8_t pointers, and add
the necessary casts.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Fix some style violations:
- nine instances of missing blank lines after declarations
- one overly long line
- one split string (which also rewords an error message more concisely)
- two superfluous else
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
To enable secure boot, we need to jump back into the BootROM to continue
the SoC's boot process instead of letting the SPL load and run the main
U-Boot image.
But, since the u-boot-spl.img (including the 64 byte header) is loaded
by the SoC as the main image, we need to compensate for the header
length to get a correct entry point.
Thus, we subtract the header size from the destination address, so that
the execution address points at the actual entry point of the image.
The current boards ignore both parameters anyway, so this change shouldn't
concern them.
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Offset 0x1 in the generated kwb image file is a set of flags, bit 0
enables debug output from the BootROM firmware. Allow a DEBUG option in
the kwb configuration to request debug output from the BootROM firmware.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Offset 0x18 in some Marvell datasheets this field is redacted as
"reserved". This offset is actually a set of options and bits 2:0 allow
the selection of the UART baudrate.
Allow a BAUDRATE option to set the UART baudrate for any messages coming
from the BootROM firmware.
Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
Fix computation of haeder size and binary header size.
Size of opt header and some 32bit values were not taken into account. This could
result in invalid boot images (due to the wrong binary header size, the image could
claim to have another extension header after the binary extension although there
is none).
Use "uint32_t" instead of "unsigned int" for header size computation.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
KWB image header values are in little endian (LE).
So adding appropriate cpu_to_leXX() calls to allow building those images
on BE hosts, too.
Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
With the dtb added to the main U-Boot image, it can happen, that
the resulting image is not 4-byte aligned. As the dtb tends to
be unaligned. But the image needs to be 4-byte aligned. At least the
Marvell hdrparser tool complains if its unaligned. By returning 1 here
in kwbimage_generate(), called via tparams->vrec_header() in mkimage.c,
mkimage will automatically pad the resulting image to a 4-byte size
if necessary.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
The binary header ends with one lword, defining if another header
follows this one. This additions 4 bytes need to be taken into
account in the generation of the header size. And the complete
4 bytes at the end of this binary header need to get cleared.
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Kevin Smith <kevin.smith@elecsyscorp.com>
Currently, kwboot only allows dynamic UART boot mode patching for SoCs
with header version 0 (Orion, Kirkwood). This patch now enables this "-p"
feature also for SoCs with header version 1 (Armada XP / 38x etc). With
this its possible now to use the UART boot mode without on images that
are generated for other boot devices, like SPI. So no need to change
BOOT_FROM to "uart" for UART xmodem booting any more.
Signed-off-by: Stefan Roese <sr@denx.de>
Tested-by: Kevin Smith <kevin.smith@elecsyscorp.com>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
