Commit graph

83 commits

Author SHA1 Message Date
Roman Azarenko
0cf1a136d8 tools: ensure zeroed padding in external FIT images
Padding the header of an external FIT image is achieved by truncating
the existing temporary FIT file to match the required alignment before
appending image data. Reusing an existing file this way means that the
padding will likely contain a portion of the original data not
overwritten by the new header.

Zero out any data past the end of the new header, and stop at either
the end of the desired padding, or the end of the old FIT file,
whichever comes first.

Fixes: 7946a814a3 ("Revert "mkimage: fit: Do not tail-pad fitImage with external data"")
Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-11 13:22:32 -04:00
Lars Feyaerts
4860ee9b09 mkimage: allow internalization of data-position
Make it possible for data that was externalized using a static external
position (-p) to be internalized. Enables the ability to convert
existing FIT images built with -p to be converted to a FIT image where the
data is internal, to be converted to a FIT image where the data is
external relative to the end of the FIT (-E) or change the initial
static external position to a different static external position (-p).

Removing the original external-data-related properties ensures that
they're not present after conversion. Without this, they would still be
present in the resulting FIT even if the FIT has been, for example,
internalized.

Signed-off-by: Lars Feyaerts <lars@bitbiz.be>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-10-11 10:35:24 -04:00
Pali Rohár
2972d7d62f tools: imagetool: Extend print_header() by params argument
This allows image type print_header() callback to access struct
image_tool_params *params.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-04-13 11:34:47 +02:00
Massimo Pegorer
b93a65209c mkimage: fit: Support signed configurations in 'auto' FITs
Extend support for signing in auto-generated (-f auto) FIT. Previously,
it was possible to get signed 'images' subnodes in the FIT using
options -g and -o together with -f auto. This patch allows signing
'configurations' subnodes instead of 'images' ones (which are hashed),
using option -f auto-conf instead of -f auto. Adding also -K <dtb> and
-r options, will add public key to <dtb> file with required = "conf"
property.

Summary:
    -f auto => FIT with crc32 images
    -f auto -g ... -o ... => FIT with signed images
    -f auto-conf -g ... -o ... => FIT with sha1 images and signed confs

Example: FIT with kernel, two device tree files, and signed
configurations; public key (needed to verify signatures) is
added to u-boot.dtb with required = "conf" property.

mkimage -f auto-conf -A arm -O linux -T kernel -C none -a 43e00000 \
        -e 0 -d vmlinuz -b /path/to/first.dtb -b /path/to/second.dtb \
        -k /folder/with/key-files -g keyname -o sha256,rsa4096 \
        -K u-boot.dtb -r kernel.itb

Example: Add public key with required = "conf" property to u-boot.dtb
without needing to sign anything. This will also create a useless FIT
named unused.itb.

mkimage -f auto-conf -d /dev/null -k /folder/with/key-files \
        -g keyname -o sha256,rsa4096 -K u-boot.dtb -r unused.itb

Signed-off-by: Massimo Pegorer <massimo.pegorer@vimar.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2023-01-27 12:51:27 -05:00
Simon Glass
90cfae2ade mkimage: Add a few more messages for FIT failures
Add messages to make it clearer which part of the FIT creation is failing.
This can happen when an invalid 'algo' property is provided in the .its
file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2023-01-18 11:49:13 -07:00
Simon Glass
f3543e6944 treewide: Drop image_header_t typedef
This is not needed and we should avoid typedefs. Use the struct instead
and rename it to indicate that it really is a legacy struct.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-09-29 16:07:57 -04:00
Sean Anderson
87b0af9317 mkimage: Support signing 'auto' FITs
This adds support for signing images in auto-generated FITs. To do this,
we need to add a signature node. The algorithm name property already has
its own option, but we need one for the key name hint. We could have
gone the -G route and added an explicit name for the public key (like
what is done for the private key). However, many places assume the
public key can be constructed from the key dir and hint, and I don't
want to do the refactoring necessary.

As a consequence of this, it is now easier to add public keys to an
existing image without signing something. This could be done all along,
but now you don't have to create an its just to do it. Ideally, we
wouldn't create a FIT at the end. This could be done by calling
fit_image_setup_sig/info.crypto->add_verify_data directly.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
2022-06-06 18:01:20 -04:00
Philippe Reynes
6e052d1cba mkimage: add public key for image pre-load stage
This commit enhances mkimage to update the node
/image/pre-load/sig with the public key.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2022-03-31 14:12:01 -04:00
Simon Glass
2d2384bbaf tools: mkimage: Show where signatures/keys are written
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.

Sample:

   Signature written to 'sha1-basic/test.fit',
       node '/configurations/conf-1/signature'
   Public key written to 'sha1-basic/sandbox-u-boot.dtb',
       node '/signature/key-dev'

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
e291a5c9a2 tools: Move copyfile() into a common file
This function is useful in other places. Move it to a common file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:43 -07:00
Simon Glass
206117afd1 mkimage: Show the external-offset error
This is a debug message at present, which is not very helpful. Print out
the error so that action can be taken.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-25 12:36:10 -07:00
Jan Kiszka
5902a397d0 mkimage: Allow to specify the signature algorithm on the command line
This permits to prepare FIT image description that do not hard-code the
final choice of the signature algorithm, possibly requiring the user to
patch the sources.

When -o <algo> is specified, this information is used in favor of the
'algo' property in the signature node. Furthermore, that property is set
accordingly when writing the image.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-01-24 10:35:10 -05:00
Stefan Eichenberger
5390cafed8 tools/fitimage: remove redundant format check
fit_extract_contents does a fit_check_format even thought it was already
checked during imagetool_verify_print_header.
Therefore, this check is not necessary. This commit removes the
redundancy.

Signed-off-by: Stefan Eichenberger <eichest@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-24 10:35:10 -05:00
Sven Roederer
9c70237f19 tools/fitimage: add missing linebreak for some messages
Add a linebreak to two messages and fix punctuation.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2021-07-14 16:57:35 -04:00
Alexandru Gagniuc
36bfcb62b3 mkimage: Add a 'keyfile' argument for image signing
It's not always desirable to use 'keydir' and some ad-hoc heuristics
to get the filename of the signing key. More often, just passing the
filename is the simpler, easier, and logical thing to do.

Since mkimage doesn't use long options, we're slowly running out of
letters. I've chosen '-G' because it was available.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Simon Glass
c5819701a3 image: Adjust the workings of fit_check_format()
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:52 -05:00
Patrick Oppenlander
c995d854ef mkimage: fit: fix import of external data
The external data is located after the mmapped FDT pointed to by
'old_fdt', not in the newly created FDT we are importing into at 'fdt'.

Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
2020-08-07 11:47:18 -04:00
Fabio Estevam
aaa91a4e4b fit_image: Use calloc() to fix reproducibility issue
Vagrant Cascadian reported that mx6cuboxi target no longer builds
reproducibility on Debian.

One example of builds mismatches:

00096680: 696e 6700 736f 756e 642d 6461 6900 6465  ing.sound-dai.de
-00096690: 7465 6374 2d67 7069 6f73 0000            tect-gpios..
+00096690: 7465 6374 2d67 7069 6f73 0061            tect-gpios.a

This problem happens because all the buffers in fit_image.c are
allocated via malloc(), which does not zero out the allocated buffer.

Using calloc() fixes this unpredictable behaviour as it guarantees
that the allocated buffer are zero initialized.

Reported-by: Vagrant Cascadian <vagrant@reproducible-builds.org>
Suggested-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Vagrant Cascadian <vagrant@reproducible-builds.org>
2020-08-05 08:18:34 -04:00
Simon Glass
152b246298 mkimage: Allow updating the FIT timestamp
Normally the FIT timestamp is created the first time mkimage is run on a
FIT, when converting the source .its to the binary .fit file. This
corresponds to using the -f flag. But if the original input to mkimage is
a binary file (already compiled) then the timestamp is assumed to have
been set previously.

Add a -t flag to allow setting the timestamp in this case.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-25 14:46:57 -06:00
Tom Rini
7208396bbf Revert "Merge tag 'dm-pull-20jul20' of git://git.denx.de/u-boot-dm"
This reverts commit 5d3a21df66, reversing
changes made to 56d37f1c56.

Unfortunately this is causing CI failures:
https://travis-ci.org/github/trini/u-boot/jobs/711313649

Signed-off-by: Tom Rini <trini@konsulko.com>
2020-07-24 08:42:06 -04:00
Simon Glass
4c63d21754 mkimage: Allow updating the FIT timestamp
Normally the FIT timestamp is created the first time mkimage is run on a
FIT, when converting the source .its to the binary .fit file. This
corresponds to using the -f flag. But if the original input to mkimage is
a binary file (already compiled) then the timestamp is assumed to have
been set previously.

Add a -t flag to allow setting the timestamp in this case.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-07-20 11:37:47 -06:00
Simon Glass
3172911677 mkimage: Default to adding a crc32 hash with '-f auto'
This option currently does not add any sort of hash to the images in the
FIT.

Add a hash node requesting a crc32 checksum, which at least provides some
protection.

The crc32 value is easily ignored (e.g. in SPL) if not needed. and takes
up only about 48 bytes per image, including overhead.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Wolfgang Denk <wd@denx.de>
2020-06-02 17:27:04 -04:00
Tom Rini
7946a814a3 Revert "mkimage: fit: Do not tail-pad fitImage with external data"
This has been reported to break booting of U-Boot from SPL on a number
of platforms due to a lack of alignment of the external data.  The
issues this commit is addressing will need to be resolved another way.

Re-introduce a data leak in the padding for now.

This reverts commit 20a154f95b.

Reported-by: Alex Kiernan <alex.kiernan@gmail.com>
Reported-by: Michael Walle <michael@walle.cc>
Tested-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
2020-05-07 09:01:42 -04:00
Marek Vasut
20a154f95b mkimage: fit: Do not tail-pad fitImage with external data
There is no reason to tail-pad fitImage with external data to 4-bytes,
while fitImage without external data does not have any such padding and
is often unaligned. DT spec also does not mandate any such padding.

Moreover, the tail-pad fills the last few bytes with uninitialized data,
which could lead to a potential information leak.

$ echo -n xy > /tmp/data ; \
	./tools/mkimage -E -f auto -d /tmp/data /tmp/fitImage ; \
	hexdump -vC /tmp/fitImage | tail -n 3

before:
00000260  61 2d 6f 66 66 73 65 74  00 64 61 74 61 2d 73 69  |a-offset.data-si|
00000270  7a 65 00 00 78 79 64 64                           |ze..xydd|
                   ^^       ^^ ^^
after:
00000260  61 2d 6f 66 66 73 65 74  00 64 61 74 61 2d 73 69  |a-offset.data-si|
00000270  7a 65 00 78 79                                    |ze.xy|

Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Tom Rini <trini@konsulko.com>
2020-05-04 07:26:57 -04:00
Sven Roederer
ea5d3731b8 tools/fit-image: print a warning when cmd-line for dtc might be truncated
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-05-01 11:34:01 -04:00
Bin Meng
0dbd6e3698 mkimage: fit: Free buf directly in fit_extract_data()
If given ptr to free() is NULL, no operation is performed.
Hence we can just free buf directly in fit_extract_data().

Signed-off-by: Bin Meng <bin.meng@windriver.com>
2020-04-24 10:51:56 -04:00
Lihua Zhao
3fc85a782a mkimage: fit: Unmmap the memory before closing fd in fit_import_data()
Without calling munmap(), the follow-up call to open() the same file
with a flag O_TRUNC seems not to cause any issue on Linux, but it fails
on Windows with error like below:

    Can't open kernel_fdt.itb.tmp: Permission denied

Fix this by unmapping the memory before closing fd in fit_import_data().

Signed-off-by: Lihua Zhao <lihua.zhao@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
2020-04-24 10:51:56 -04:00
Kever Yang
ebfe611be9 mkimage: fit_image: Add option to make fit header align
The image is usually stored in block device like emmc, SD card, make the
offset of image data aligned to block(512 byte) can avoid data copy
during boot process.
eg. SPL boot from FIT image with external data:
- SPL read the first block of FIT image, and then parse the header;
- SPL read image data separately;
- The first image offset is the base_offset which is the header size;
- The second image offset is just after the first image;
- If the offset of imge does not aligned, SPL will do memcpy;
The header size is a ramdon number, which is very possible not aligned, so
add '-B size'to specify the align size in hex for better performance.

example usage:
  ./tools/mkimage -E -f u-boot.its -B 0x200 u-boot.itb

Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Tom Rini <trini@konsulko.com>
2020-04-24 10:10:01 -04:00
Kever Yang
02560b1368 tool: use ALIGN() to align the size
Use the ALIGN() for size align so that the code is more readable.

Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-04-24 10:10:00 -04:00
Thomas Hebb
ab5a2b0f79 mkimage: fit: don't create image with 0700 permissions
commit 7298e42250 ("mkimage: fit: add support to encrypt image with
aes") added a new copyfile() function as part of the FIT image creation
flow. This function as currently written creates the final image with a
mode of 0700 (before umask), differing from the old behavior of 0666.
Since there doesn't seem to be any reason to make the image executable
or non-group, non-other readable, change the mask to 0666 to preserve
the old behavior.

Fixes: 7298e42250 ("mkimage: fit: add support to encrypt image with aes")
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
2020-04-17 12:32:36 -04:00
Philippe Reynes
7298e42250 mkimage: fit: add support to encrypt image with aes
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-01-17 10:15:49 -05:00
Heinrich Schuchardt
5819466dc1 mkimage: simplify fit_check_params()
fit_check_params() wants at least two of dflag, fflag, and lflag set.

Simplify the logical constraint checking this.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-10 14:18:26 -05:00
Andrew F. Davis
e5b5628e8a tools: fit_image: Use fit_image_get_data_and_size for getting offset/size
This is very similar to fit_image_get_data but has the benefit of working
on FIT images with external data unlike fit_image_get_data. This is
useful for extracting sub-images from type of FIT image as this would
previously just silently fail. Add an error message also so if this
still fails it is easier to find out why.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
2020-01-07 11:12:46 -05:00
Michal Sojka
12e288a8ba mkimage: Set correct FDT type and ramdisk architecture in FIT auto mode
When running the following command

    mkimage -f auto -A arm -O linux -T kernel -C none -a 0x8000 -e 0x8000 \
            -d zImage -b zynq-microzed.dtb -i initramfs.cpio image.ub

the type of fdt subimage is the same as of the main kernel image and
the architecture of the initramfs image is not set. Such an image is
refused by U-Boot when booting. This commits sets the mentioned
attributes, allowing to use the "-f auto" mode in this case instead of
writing full .its file.

Following is the diff of mkimage output without and with this commit:

 FIT description: Kernel Image image with one or more FDT blobs
 Created:         Thu Sep 12 23:23:16 2019
  Image 0 (kernel-1)
   Description:
   Created:      Thu Sep 12 23:23:16 2019
   Type:         Kernel Image
   Compression:  uncompressed
   Data Size:    4192744 Bytes = 4094.48 KiB = 4.00 MiB
   Architecture: ARM
   OS:           Linux
   Load Address: 0x00008000
   Entry Point:  0x00008000
  Image 1 (fdt-1)
   Description:  zynq-microzed
   Created:      Thu Sep 12 23:23:16 2019
-  Type:         Kernel Image
+  Type:         Flat Device Tree
   Compression:  uncompressed
   Data Size:    9398 Bytes = 9.18 KiB = 0.01 MiB
   Architecture: ARM
-  OS:           Unknown OS
-  Load Address: unavailable
-  Entry Point:  unavailable
  Image 2 (ramdisk-1)
   Description:  unavailable
   Created:      Thu Sep 12 23:23:16 2019
   Type:         RAMDisk Image
   Compression:  Unknown Compression
   Data Size:    760672 Bytes = 742.84 KiB = 0.73 MiB
-  Architecture: Unknown Architecture
+  Architecture: ARM
   OS:           Linux
   Load Address: unavailable
   Entry Point:  unavailable
  Default Configuration: 'conf-1'
  Configuration 0 (conf-1)
   Description:  zynq-microzed
   Kernel:       kernel-1
   Init Ramdisk: ramdisk-1
   FDT:          fdt-1
   Loadables:    kernel-1

Signed-off-by: Michal Sojka <michal.sojka@cvut.cz>
2019-10-31 07:22:53 -04:00
Luca Boccassi
7d57485a8a tools: use read-only mmap in fit_check_sign
Add an option to open files in read-only mode in mmap_fdt so
that fit_check_sign can be used to inspect files on read-only
filesystems.
For example, this is useful when a key is shipped in a read-only
rootfs or squashfs.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
2019-05-18 12:32:02 -04:00
Abel Vesa
cabde449b9 tools: fit_image: Add the loadable property to configs
When running mkimage with "-f auto", the loadable property
needs to be set in order to allow SPL FIT support to boot.

Signed-off-by: Abel Vesa <abel.vesa@nxp.com>
Tested-by: Fabio Estevam <festevam@gmail.com>
2019-03-22 12:15:07 -04:00
Michal Simek
4a8b6e0101 mkimage: fit_image: Use macros from image.h
There is no reason not to use macros which are already defined.
It is also much easier for grepping.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-07-24 09:25:23 -04:00
Alex Kiernan
795f452eef mkimage: fit_image: Add support for SOURCE_DATE_EPOCH in signatures
When generating timestamps in signatures, use imagetool_get_source_date()
so we can be overridden by SOURCE_DATE_EPOCH to generate reproducible
images.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromum.org>
2018-07-10 16:56:00 -04:00
Alex Kiernan
87925df2b3 mkimage: Refactor imagetool_get_source_date to take command name
So we can use imagetool_get_source_date() from callers who do not have
the image tool params struct, just pass in the command name for the error
message.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromum.org>
2018-07-10 16:56:00 -04:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Stefan Theil
63f881d46a tools/mkimage: Use proper output parameter in dtc-system call
The system call used by mkimage to run dtc redirects stdout to a
temporary file. This can cause problems on Windows (with a MinGW
cross-compiled version). Using the "-o" dtc parameter avoids
this problem.

Signed-off-by: Stefan Theil <stefan.theil@mixed-mode.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
2018-03-09 12:31:07 -05:00
Andre Przywara
2eda8e9aad tools: fix incorrect usage of DT node unit address
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Correct the generated unit names when U-Boot's mkimage creates a FIT
image.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2018-01-15 18:29:21 -07:00
Mirza, Taimoor
a6e9810495 tools/mkimage: Fix DTC run command to handle file names with space
fit_handle_file function does not quote input and output files while preparing
command to run DTC to convert .its to .itb. This results in a failure if input
or output files contain spaces in their names. Quote input and output files in
DTC command to avoid this failure.

Signed-off-by: Mirza, Taimoor <Taimoor_Mirza@mentor.com>
2017-10-16 09:42:51 -04:00
Tom Rini
bf52fcdef4 cmd/gpt.c, cmd/nvedit.c, tools/fit_image.c: Rework recent fixes for Coverity
The recent changes to these files did not completely fix the previous
issues, or introduced different (minor) issues.  In cmd/gpt.c we need to
dereference str_disk_guid to be sure that malloc worked.  In
cmd/nvedit.c we need to be careful that we can also fit in that leading
space when adding to the string.  And in tools/fit_image.c we need to
re-work the error handling slightly in fit_import_data() so that we only
call munmap() once.  We have two error paths here, one where we have an
fd to close and one where we do not.  Adjust labels to match this.

Reported-by: Coverity (CID: 167366, 167367, 167370)
Signed-off-by: Tom Rini <trini@konsulko.com>
2017-10-07 11:27:59 -04:00
Tom Rini
3c2dff5490 tools/fit_image.c: Update some return code paths
Coverity has found some problems with the return paths in parts of this
code.  We have a case where we were going to the wrong part of the
unwind (open() failed so we cannot close the fd), a case where we were
only free()ing our buf on the error path and finally a case where we did
not munmap in the failure path.

Reported-by: Coverity (CID: 138492, 138495, 143064)
Signed-off-by: Tom Rini <trini@konsulko.com>
2017-10-06 11:28:22 -04:00
George McCollister
f1ca1fdebf mkimage: Add support for signing with pkcs11
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.

Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.

Signed-off-by: George McCollister <george.mccollister@gmail.com>
2017-01-14 16:47:13 -05:00
Tomeu Vizoso
0f7c6cdc81 mkimage: Allow including a ramdisk in FIT auto mode
Adds -i option that allows specifying a ramdisk file to be added to the
FIT image when we are using the automatic FIT mode (no ITS file).

This makes adding Depthcharge support to LAVA much more convenient, as
no additional configuration files need to be kept around in the machine
that dispatches jobs to the boards.

Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Matt Hart <matthew.hart@linaro.org>
Cc: Neil Williams <codehelp@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-11-06 07:33:42 -05:00
Simon Glass
655cc69655 tools: Add an error code when fit_handle_file() fails
The error code may provide useful information for debugging. Add it to the
error string.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Teddy Reed <teddy.reed@gmail.com>
2016-07-14 18:22:36 -04:00
Simon Glass
3a45f38d41 image: Correct auto-fit architecture property name
The fit_write_images() function incorrectly uses the long name for the
architecture. This cannot be parsed with the FIT is read. Fix this by using
the short name instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-14 18:22:28 -04:00
Vagrant Cascadian
5847084f6b Respect SOURCE_DATE_EPOCH when building FIT images.
Embedding timestamps in FIT images results in unreproducible builds
for targets that generate a fit image, such as dra7xx_evm.

This patch uses the SOURCE_DATE_EPOCH environment variable, when set,
to use specified value for the date.

Thanks to HW42 for debugging the issue and providing the patch:

  https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20160606/005722.html

For more information about reproducible builds and the
SOURCE_DATE_EPOCH specification:

  https://reproducible-builds.org/specs/source-date-epoch/
  https://reproducible-builds.org/

Signed-off-by: Vagrant Cascadian <vagrant@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-06-24 17:23:10 -04:00