Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.
Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.
Cc: sbabic@denx.de
v2-Changes: None
Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
Adds -i option that allows specifying a ramdisk file to be added to the
FIT image when we are using the automatic FIT mode (no ITS file).
This makes adding Depthcharge support to LAVA much more convenient, as
no additional configuration files need to be kept around in the machine
that dispatches jobs to the boards.
Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Matt Hart <matthew.hart@linaro.org>
Cc: Neil Williams <codehelp@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The allocated memory should be freed. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150963)
Reviewed-by: Tom Rini <trini@konsulko.com>
Inform getopt that '-c' requires a parameter.
Fixes: a02221f29d ("mkimage: Convert to use getopt()")
Signed-off-by: Karl Beldan <kbeldan@baylibre.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Update the error-handling code for -A, -C and -O to show a list of valid
options when an invalid one is provided.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Vinoth Eswaran <evinoth1206@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The existing error code only displays image types which are claimed by a
particular U_BOOT_IMAGE_TYPE() driver. But this does not seem correct. The
mkimage tool should support all image types, so it makes sense to allow
creation of images of any type with the tool.
When an incorrect image type is provided, use generic code to display the
error.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a generic function which can display a list of items in any category.
This will allow displaying of images for the -A, -C, -O and -T flags. At
present only -T is supported.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
There is no need to set params.fit_image_type while parsing the arguments.
It is set up later anyway.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
When auto-fit is used, it is not valid to create a FIT without an image
file. Add a check for this to avoid a very confusing error message later
("Can't open (null): Bad address").
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
There is a special case in the code when auto-fit is used. Add a comment to
make it easier to understand why this is needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
The default image type is supposed to be IH_TYPE_KERNEL, as set in the
'params' variable. Honour this with auto-fit also.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
When building a FIT with external data (-E), U-Boot proper may require
absolute positioning for executing the external firmware. To acheive this
use the (-p) switch, which will replace the amended 'data-offset' with
'data-position' indicating the absolute position of external data.
It is considered an error if the requested absolute position overlaps with the
initial data required for the compact FIT.
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Some build systems want to be quiet unless there is a problem. At present
mkimage displays quite a bit of information when generating a FIT file. Add
a '-q' flag to silence this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Commit 7a439cadcf broke generation of SPL
loadable FIT images (CONFIG_SPL_LOAD_FIT).
Fix it by removing the unnecessary storage of expected image type. This was a
left over of the previous implementation. It is not longer necessary since the
mkimage -b switch always has one parameter.
Tested-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
The getopt(3) optstring '-' is a GNU extension which is not available on BSD
systems like OS X.
Remove this dependency by implementing argument parsing in another way. This
will also change the lately introduced '-b' switch behaviour.
Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
One limitation of FIT is that all the data is 'inline' within it, using a
'data' property in each image node. This means that to find out what is in
the FIT it is necessary to scan the entire file. Once loaded it can be
scanned and then the images can be copied to the correct place in memory.
In SPL it can take a significant amount of time to copy images around in
memory. Also loading data that does not end up being used is wasteful. It
would be useful if the FIT were small, acting as a directory, with the
actual data stored elsewhere.
This allows SPL to load the entire FIT, without the images, then load the
images it wants later.
Add a -E option to mkimage to request that it output an 'external' FIT.
Signed-off-by: Simon Glass <sjg@chromium.org>
To make the auto-FIT feature useful we need to be able to provide a list of
device tree files on the command line for mkimage to add into the FIT. Add
support for this feature.
So far there is no support for hashing or verified boot using this method.
For those cases, a .its file must still be provided.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present, when generating a FIT, mkimage requires a .its file containing
the structure of the FIT and referring to the images to be included.
Creating the .its file is a separate step that makes it harder to use FIT.
This is not required for creating legacy images.
Often the FIT is pretty standard, consisting of an OS image, some device
tree files and a single configuration. We can handle this case automatically
and avoid needing a .its file at all.
To start with, support automatically generate the FIT using a new '-f auto'
option. Initially this only supports adding a single image (e.g. a linux
kernel) and a single configuration.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present FIT images are set up by providing a device tree source file
which is a file with a .its extension. We want to support automatically
creating this file based on the image supplied to mkimage. This means that
even though the final file type is always IH_TYPE_FLATDT, the image inside
may be something else.
Signed-off-by: Simon Glass <sjg@chromium.org>
Sometimes incorrect arguments are supplied but the reason is not obvious to
the user. Add some helpful messages.
Signed-off-by: Simon Glass <sjg@chromium.org>
Adjust the code so that option alphabetical order matches the order in the
switch() statement. This makes it easier to find options.
Signed-off-by: Simon Glass <sjg@chromium.org>
The current way of parsing arguments is a bit clumsy. It seems better to
use getopt() which is commonly used for this purpose.
Convert the code to use getopt() and make a few minor adjustments as needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
To follow the MIPS 32-bit and 64-bit memory map conventions (*) recent
MIPS Linux kernels are using a 64-bit sign extended value
(0xffffffff80010000) for the 32-bit load address (0x80010000) of the
Creator CI20 board kernel. When this 64-bit argument was passed to
mkimage running on a 32-bit machine such as the Creator CI20 board the
load address was incorrectly formed from the upper 32-bit sign-extend
bits (0xffffffff) by the strtoul instead of from the lower 32-bits
(0x80010000). The mkimage should be able to tolerate the longer
sign-extended 64-bit version of the 32-bit arguments with the use of
strtoull. Use of the strtoll in place of the strtol in mkimage.c
resolves the issue of self hosted kernel builds for the Creator CI20
board (+) and (++).
(*) http://techpubs.sgi.com/library/dynaweb_docs/0620/SGI_Developer/books/DevDriver_PG/sgi_html/ch01.html
(+) https://github.com/MIPS/CI20_linux/issues/23
(++) https://github.com/MIPS/CI20_linux/issues/22
Signed-off-by: William Cohen <wcohen@redhat.com>
Seems 6ae6e160 broke creating images in certain cases, there
are two problems with that patch.
First is that the expression "!x == 4 || !x == 6" is ambiguous. The
intention here was "!(x == 4) || !(x == 6)" based on reading further in
the file, where this was borrowed from. This however is interpreted by
gcc as "(!x) == 4 || (!x) == 6" and always false. gcc-5.x will warn
about this case.
The second problem is that we do not want to test for the case of "(NOT x
is 4) OR (NOT x is 6)" but instead "(x is not equal to 4) AND (x is not
equal to 6)". This is because in those two cases we already execute the
code question in another part of the file. Rewrite the expression and
add parenthesis for clarity.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Philippe De Swert <philippedeswert@gmail.com>
Cc: Simon Glass <sjg@chromium.org>
[trini: Re-word Marek's explanation]
Seems 92a655c3 broke creating multi and script type images.
Since the file1:file2:file3 string does not get split up,
it fails on trying to open an non-existing file.
mkimage -A arm -O linux -T multi -C none -d zImage:splash.bmp:device.dtb uimage
tools/mkimage: Can't open zImage:splash.bmp:device.dtb: No such file or directory
Since the sizes of the different parts seem to get added in the actual
routine that handles multi and script type images, we can probably skip the
bit of the code that causes the failure for that type of images.
Signed-off-by: Philippe De Swert <philippedeswert@gmail.com>
At present there is an arbitrary limit of 4KB for padding. Rockchip needs
more than that, so remove this restriction.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
Some functions called by mkimage would like to know the output file size.
Initially this is the same as the input file size, but it may be affected by
adding headers, etc.
Add this information to the image parameters.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
Offer to display the available image types in help. Also, rather than
hacking the genimg_get_type_id() function to display a list of types,
do this in the tool. Also, sort the list.
The list of image types is quite long, and hard to discover. Print it out
when we show help information.
Signed-off-by: Simon Glass <sjg@chromium.org>
Some image types, like "KeyStone GP", do not have magic numbers to
distinguish them from other image types. Thus, the automatic image
type discovery does not work correctly.
This patch also fix some integer type mismatches.
Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
The registration was introduced in commit f86ed6a8d5
This commit also removes all registration functions, and the member "next"
from image_type_params struct
Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
The get_type() and verify_print_header() functions have the
same code on both dumpimage.c and mkimage.c modules.
Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
In order to avoid duplicating code and keep only one point of modification,
the functions, structs and defines useful for "dumpimage" were moved from
"mkimage" to a common module called "imagetool".
This modification also weakens the coupling between image types (FIT, IMX, MXS,
and so on) and image tools (mkimage and dumpimage). Any tool may initialize the
"imagetool" through register_image_tool() function, while the image types
register themselves within an image tool using the register_image_type()
function:
+---------------+
+------| fit_image |
+--------------+ +-----------+ | +---------------+
| mkimage |--------> | | <-----+
+--------------+ | | +---------------+
| imagetool | <------------| imximage |
+--------------+ | | +---------------+
| dumpimage |--------> | | <-----+
+--------------+ +-----------+ | +---------------+
+------| default_image |
+---------------+
register_image_tool() register_image_type()
Also, the struct "mkimage_params" was renamed to "image_tool_params" to make
clear its general purpose.
Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
This function should be declared static.
Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
Add mkimage support for generating and verifying MXS bootstream.
The implementation here is mostly a glue code between MXSSB v0.4
and mkimage, but the long-term goal is to rectify this and merge
MXSSB with mkimage more tightly. Once this code is properly in
U-Boot, MXSSB shall be deprecated in favor of mkimage-mxsimage
support.
Note that the mxsimage generator needs libcrypto from OpenSSL, I
therefore enabled the libcrypto/libssl unconditionally.
MXSSB: http://git.denx.de/?p=mxssb.git;a=summary
The code is based on research presented at:
http://www.rockbox.org/wiki/SbFileFormat
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@ti.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Stefano Babic <sbabic@denx.de>
Cc: Otavio Salvador <otavio@ossystems.com.br>
Use previously unused return value of function vrec_header
to return a padding size to generic mkimage. This padding
size is used in copy_files to pad with zeros after copying
the data image.
Signed-off-by: Stefano Babic <sbabic@denx.de>
Normally, multiple public keys can be provided and U-Boot is not
required to use all of them for verification. This is because some
images may not be signed, or may be optionally signed.
But we still need a mechanism to determine when a key must be used.
This feature cannot be implemented in the FIT itself, since anyone
could change it to mark a key as optional. The requirement for
key verification must go in with the public keys, in a place that
is protected from modification.
Add a -r option which tells mkimage to mark all keys that it uses
for signing as 'required'.
If some keys are optional and some are required, run mkimage several
times (perhaps with different key directories if some keys are very
secret) using the -F flag to update an existing FIT.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
When signing an image, it is useful to add some details about which tool
or person is authorising the signing. Add a comment field which can take
care of miscellaneous requirements.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
When signing images it is sometimes necessary to sign with different keys
at different times, or make the signer entirely separate from the FIT
creation to avoid needing the private keys to be publicly available in
the system.
Add a -F option so that key signing can be a separate step, and possibly
done multiple times as different keys are avaiable.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
FIT image verification requires public keys. Add a convenient option to
mkimage to write the public keys to an FDT blob when it uses then for
signing an image. This allows us to use:
mkimage -f test.its -K dest.dtb -k keys test.fit
and have the signatures written to test.fit and the corresponding public
keys written to dest.dtb. Then dest.dtb can be used as the control FDT
for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the
public keys it needs.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>