Commit graph

117 commits

Author SHA1 Message Date
Marek Vasut
4c531d9f58 fit: Load DTO into temporary buffer and ignore load address
The current fitImage DTO implementation expects each fitImage image
subnode containing DTO to have 'load' property, pointing somewhere
into memory where the DTO will be loaded. The address in the 'load'
property must be different then the base DT load address and there
must be sufficient amount of space between those two addresses.
Selecting and using such hard-coded addresses is fragile, error
prone and difficult to port even across devices with the same SoC
and different DRAM sizes.

The DTO cannot be applied in-place because fdt_overlay_apply_verbose()
modifies the DTO when applying it onto the base DT, so if the DTO was
used in place within the fitImage, call to fdt_overlay_apply_verbose()
would corrupt the fitImage.

Instead of copying the DTO to a specific hard-coded load address,
allocate a buffer, copy the DTO into that buffer, apply the DTO onto
the base DT, and free the buffer.

The upside of this approach is that it is no longer necessary to
select and hard-code specific DTO load address into the DTO. The
slight downside is the new malloc()/free() overhead for each DTO,
but that is negligible (*).

(*) on iMX8MM/MN and STM32MP1

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Add <linux/sizes.h>]
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-07-15 19:06:37 -04:00
Lokesh Vutla
481d394e77 common: fit: Update board_fit_image_post_process() to pass fit and node_offset
board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
2021-06-11 16:34:52 +05:30
Alexandru Gagniuc
033ac4ebba image-fit: Accept OP-TEE images when booting a FIT
OP-TEE images are normally packaged with
	type = "tee;
	os = "tee";

However, fit_image_load() thinks that is somehow invalid. However if
they were declared as type = "kernel", os = "linux", fit_image_load()
would happily accept them and allow the boot to continue. There is no
technical limitation to excluding "tee".

Allowing "tee" images is useful in a boot flow where OP-TEE is
executed before linux.

In fact, I think it's unintuitive for a "load"ing function to also do
parsing and contain a bunch ad-hoc heuristics that only its caller
might know. But I don't make the rules, I just write fixes. In more
polite terms: refactoring the fit_image API is beyond the scope of
this change.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 16:02:43 -04:00
Alexandru Gagniuc
47b6f7f845 image-fit: Accept IH_TYPE_FIRMWARE in fit_image_load() as valid
Consider the following FIT:

	images {
		whipple {};
	};
	configurations {
		conf-1 {
			firmware = "whipple";
		};
	};

Getting the 'firmware' image with fit_image_load() is not possible, as
it doesn't understand 'firmware =' properties. Although one could pass
IH_TYPE_FIRMWARE for 'image_type', this needs to be converted to a
"firmware" string for FDT lookup -- exactly what this change does.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 16:02:43 -04:00
Tom Rini
1057b1be75 Prepare v2021.04-rc5
-----BEGIN PGP SIGNATURE-----
 
 iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmBiRbMACgkQFHw5/5Y0
 tyz0KAv/T8glQGL6L2CYeLuwbs9tndQoaH2YNb3teNUJrqehBleJAQ6ubHP30d87
 rHrokJ4Zu3TC15sACrK4GOMvsAVkeCuU/jIqFJA4ieDZr8g7yfUMOZMsDiIFdd36
 Rdmi71Jtek/csyS5BfcUUYoXVbUCGQ8yAx7z0VrK0sqsqZYYJNwPmqgkR8U2ulNb
 FiLxwamFwH7+bsvcvHajO1dOyko0zR7GTisf/fOgmlHuF3BldqG4SDcNd528uEWb
 r3fXs2Ut6IaC/beCnmKUPVG3ZjdPtb+T230rRRhUOfjTwqR7SzXp5bTyzdgyw3gU
 rOgfi/mAGQPPG2E2fzPz0JCI1irbnkSE2fVJ4epaVUCoHIEsQQdy034aD3qLcHFY
 65ihEpRvCM7s9jfKX8XeIG4rKFB4i60TX5orzdMvx7wV3rxmPE9qQmF9lkD+fEA+
 TPuFtkjGmluSe+xWBVK7+6xuF6rcLEbNXuFWRi3qMSMgH8rtGfeJRonusOGPolwC
 jQ1T7szW
 =UJ/O
 -----END PGP SIGNATURE-----

Merge tag 'v2021.04-rc5' into next

Prepare v2021.04-rc5
2021-03-29 18:00:21 -04:00
Simon Glass
e2734d647e sandbox: image: Allow sandbox to load any image
Sandbox is special in that it is used for testing and it does not match
any particular target architecture. Allow it to load an image from any
architecture, so that 'bootm' can be used as needed.

Signed-off-by: Simon Glass <sjg@chromium.org>
2021-03-27 15:04:31 +13:00
Simon Glass
29cbc4babf image: Avoid -ENODATA in host tools
Unfortunately -ENODATA is not available in OpenBSD. Use -EBADMSG
instead, to indicate a missing timestamp.

Fixes: c5819701a3 image: Adjust the workings of fit_check_format()
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
2021-03-17 12:50:19 -04:00
Simon Glass
3f04db891a image: Check for unit addresses in FITs
Using unit addresses in a FIT is a security risk. Add a check for this
and disallow it.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:54 -05:00
Simon Glass
6f3c2d8aa5 image: Add an option to do a full check of the FIT
Some strange modifications of the FIT can introduce security risks. Add an
option to check it thoroughly, using libfdt's fdt_check_full() function.

Enable this by default if signature verification is enabled.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:53 -05:00
Simon Glass
c5819701a3 image: Adjust the workings of fit_check_format()
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:52 -05:00
Simon Glass
79af75f777 fit: Don't allow verification of images with @ nodes
When searching for a node called 'fred', any unit address appended to the
name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This
means that we cannot be sure that the node originally intended is the one
that is used.

Disallow use of nodes with unit addresses.

Update the forge test also, since it uses @ addresses.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 19:17:25 -05:00
Simon Glass
401d1c4f5d common: Drop asm/global_data.h from common header
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
2021-02-02 15:33:42 -05:00
Ravik Hasija
7a01882eb3 common: Kconfig.boot: Add FIT_PRINT config option
Config allows to disable printing contents of fitImage to optimize boottime.

Signed-off-by: Ravik Hasija <rahasij@linux.microsoft.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-02-01 16:32:06 -05:00
Joel Stanley
93af80f3e8 image-fit: Fix FIT_CIPHER linking
When CONFIG_FIT_CIPHER=y and CONFIG_FIT_SIGNATURE=n is there is no
implementation of image_get_host_blob for mkimage/dumpimage:

 /usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data':
 image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob'

Move the implementation to a common file so it can be shaed between
image-cipher.c and image-fit-sig.c.

Signed-off-by: Joel Stanley <joel@jms.id.au>
2021-01-22 16:17:52 -05:00
Heinrich Schuchardt
ea1a9ec5f4 image-fit: fit_check_format check for valid FDT
fit_check_format() must check that the buffer contains a flattened device
tree before calling any device tree library functions.

Failure to do may cause segmentation faults.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-01-13 02:38:00 +01:00
Sebastian Reichel
d8ab0fe5b5 image: support board_fit_config_name_match
Support reusing board_fit_config_name_match() to automatically
select a sensible default configuration for booting fitImages
using 'bootm'.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
2021-01-05 08:21:48 -05:00
Sebastian Reichel
f14e6eec6c image: cleanup pre-processor usage
Replace most #ifdef checks for USE_HOSTCC and CONFIG_*
with normal if instructions.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
2021-01-05 08:21:48 -05:00
Michal Simek
13d1ca8742 spl: fdt: Record load/entry fit-images entries in 64bit format
The commit 9f45aeb937 ("spl: fit: implement fdt_record_loadable") which
introduced fdt_record_loadable() state there spl_fit.c is not 64bit safe.
Based on my tests on Xilinx ZynqMP zcu102 platform there shouldn't be a
problem to record these addresses in 64bit format.
The patch adds support for systems which need to load images above 4GB.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-10-27 08:13:32 +01:00
Reuben Dowle
d16b38f427 Add support for SHA384 and SHA512
The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
2020-06-12 13:14:07 -04:00
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Simon Glass
4d72caa5b9 common: Drop image.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Tom Rini
1f47e2aca4 Xilinx changes for v2020.07
common:
 - Align ENV_FAT_INTERFACE
 - Fix MAC address source print log
 - Improve based autodetection code
 
 xilinx:
 - Enable netconsole
 
 Microblaze:
 - Setup default ENV_OFFSET/ENV_SECT_SIZE
 
 Zynq:
 - Multiple DT updates/fixes
 - Use DEVICE_TREE environment variable for DTB selection
 - Switch to single zynq configuration
 - Enable NOR flash via DM
 - Minor SPL print removal
 - Enable i2c mux driver
 
 ZynqMP:
 - Print multiboot register
 - Enable cache commands in mini mtest
 - Multiple DT updates/fixes
 - Fix firmware probing when driver is not enabled
 - Specify 3rd backup RAM boot mode in SPL
 - Add SPL support for zcu102 v1.1 and zcu111 revA
 - Redesign debug uart enabling and psu_init delay
 - Enable full u-boot run from EL3
 - Enable u-boot.itb generation without ATF with U-Boot in EL3
 
 Versal:
 - Enable distro default
 - Enable others SPI flashes
 - Enable systems without DDR
 
 Drivers:
 - Gem:
   - Flush memory after freeing
   - Handle mdio bus separately
 - Watchdog:
   - Get rid of unused global data pointer
   - Enable window watchdog timer
 - Serial:
   - Change reinitialization logic in zynq serial driver
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQbPNTMvXmYlBPRwx7KSWXLKUoMIQUCXoxw9wAKCRDKSWXLKUoM
 IbQxAKCK23yTy4FoN8oTGTYsbmLOA9kVUQCbBx8lg4nBeA8ihSaAnY+HMDF37YI=
 =Lg54
 -----END PGP SIGNATURE-----

Merge tag 'xilinx-for-v2020.07' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze into next

Xilinx changes for v2020.07

common:
- Align ENV_FAT_INTERFACE
- Fix MAC address source print log
- Improve based autodetection code

xilinx:
- Enable netconsole

Microblaze:
- Setup default ENV_OFFSET/ENV_SECT_SIZE

Zynq:
- Multiple DT updates/fixes
- Use DEVICE_TREE environment variable for DTB selection
- Switch to single zynq configuration
- Enable NOR flash via DM
- Minor SPL print removal
- Enable i2c mux driver

ZynqMP:
- Print multiboot register
- Enable cache commands in mini mtest
- Multiple DT updates/fixes
- Fix firmware probing when driver is not enabled
- Specify 3rd backup RAM boot mode in SPL
- Add SPL support for zcu102 v1.1 and zcu111 revA
- Redesign debug uart enabling and psu_init delay
- Enable full u-boot run from EL3
- Enable u-boot.itb generation without ATF with U-Boot in EL3

Versal:
- Enable distro default
- Enable others SPI flashes
- Enable systems without DDR

Drivers:
- Gem:
  - Flush memory after freeing
  - Handle mdio bus separately
- Watchdog:
  - Get rid of unused global data pointer
  - Enable window watchdog timer
- Serial:
  - Change reinitialization logic in zynq serial driver

Signed-off-by: Tom Rini <trini@konsulko.com>
2020-04-07 17:13:35 -04:00
Simon Glass
72188f5462 image: Use constants for 'required' and 'key-name-hint'
These are used in multiple places so update them to use a shared #define.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-04-01 07:45:09 -06:00
Simon Glass
382cf62039 image: Be a little more verbose when checking signatures
It is useful to be a little more specific about what is being checked.
Update a few messages to help with this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Simon Glass
390b26dc27 image: Correct comment for fit_conf_get_node()
This should mention that conf_uname can be NULL and should be in the
header file. Fix this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-04-01 07:45:09 -06:00
Tom Rini
2b18b89156 Merge branch 'next' of git://git.denx.de/u-boot-usb into next 2020-03-31 17:24:19 -04:00
Lihua Zhao
0df27d687c image-fit: Allow loading FIT image for VxWorks
This adds the check against IH_OS_VXWORKS during FIT image load,
to allow loading FIT image for VxWorks.

Signed-off-by: Lihua Zhao <lihua.zhao@windriver.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
2020-03-31 10:06:52 -04:00
Heinrich Schuchardt
183780491f fit: check return value of fit_image_get_data_size()
GCC-10 reports:

In file included from tools/common/image-fit.c:1:
include/image.h: In function ‘fit_image_get_data_and_size’:
./tools/../common/image-fit.c:1015:9: warning: ‘len’ may be used
uninitialized in this function [-Wmaybe-uninitialized]
 1015 |   *size = len;
      |   ~~~~~~^~~~~
./tools/../common/image-fit.c:996:6: note: ‘len’ was declared here
  996 |  int len;
      |      ^~~

Add the missing check of the return value of fit_image_get_data_size().

Fixes: c3c8638804 ("add FIT data-position & data-offset property support")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2020-03-13 09:30:30 -04:00
AKASHI Takahiro
b983cc2da0 lib: rsa: decouple rsa from FIT image verification
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2020-03-12 08:20:38 -04:00
Philippe Reynes
4df3578119 u-boot: fit: add support to decrypt fit with aes
This commit add to u-boot the support to decrypt
fit image encrypted with aes. The FIT image contains
the key name and the IV name. Then u-boot look for
the key and IV in his device tree and decrypt images
before moving to the next stage.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-01-17 10:16:29 -05:00
Philippe Reynes
7298e42250 mkimage: fit: add support to encrypt image with aes
This commit add the support of encrypting image with aes
in mkimage. To enable the ciphering, a node cipher with
a reference to a key and IV (Initialization Vector) must
be added to the its file. Then mkimage add the encrypted
image to the FIT and add the key and IV to the u-boot
device tree.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-01-17 10:15:49 -05:00
Cristian Ciocaltea
a031b03f64 image: Add IH_OS_EFI for EFI chain-load boot
Add a new OS type to be used for chain-loading an EFI compatible
firmware or boot loader like GRUB2, possibly in a verified boot
scenario.

Bellow is sample ITS file that generates a FIT image supporting
secure boot. Please note the presence of 'os = "efi";' line, which
identifies the currently introduced OS type:

/ {
    #address-cells = <1>;

    images {
        efi-grub {
            description = "GRUB EFI";
            data = /incbin/("bootarm.efi");
            type = "kernel_noload";
            arch = "arm";
            os = "efi";
            compression = "none";
            load = <0x0>;
            entry = <0x0>;
            hash-1 {
                algo = "sha256";
            };
        };
    };

    configurations {
        default = "config-grub";
        config-grub {
            kernel = "efi-grub";
            signature-1 {
                algo = "sha256,rsa2048";
                sign-images = "kernel";
            };
        };
    };
};

Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@gmail.com>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2020-01-07 18:08:21 +01:00
Simon Glass
3db7110857 crc32: Use the crc.h header for crc functions
Drop inclusion of crc.h in common.h and use the correct header directly
instead.

With this we can drop the conflicting definition in fw_env.h and rely on
the crc.h header, which is already included.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
2019-12-02 18:23:08 -05:00
Julius Werner
bddd985734 fit: Do not automatically decompress ramdisk images
The Linux ramdisk should always be decompressed by the kernel itself,
not by U-Boot. Therefore, the 'compression' node in the FIT image should
always be set to "none" for ramdisk images, since the only point of
using that node is if you want U-Boot to do the decompression itself.

Yet some systems populate the node to the compression algorithm used by
the kernel instead. This used to be ignored, but now that we support
decompression of all image types it becomes a problem. Since ramdisks
should never be decompressed by U-Boot anyway, this patch adds a special
exception for them to avoid these issues. Still, setting the
'compression' node like that is wrong in the first place, so we still
want to print out a warning so that third-party distributions doing this
can notice and fix it.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Heiko Schocher <hs@denx.de>
Tested-by: Heiko Schocher <hs@denx.de>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-08-07 15:31:05 -04:00
Julius Werner
18cfa612a9 fit: Support compat string property in configuration node
This patch adds support for an optional optimization to compatible
string matching where the compatible string property from the root node
of the kernel FDT can be copied into the configuration node of the FIT
image. This is most useful when using compressed FDTs or when using FDT
overlays, where the traditional extraction of the compatible string from
the kernel FDT itself is not easily possible.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2019-07-29 09:32:08 -04:00
Julius Werner
b1307f884a fit: Support compression for non-kernel components (e.g. FDT)
This patch adds support for compressing non-kernel image nodes in a FIT
image (kernel nodes could already be compressed previously). This can
reduce the size of FIT images and therefore improve boot times
(especially when an image bundles many different kernel FDTs). The
images will automatically be decompressed on load.

This patch does not support extracting compatible strings from
compressed FDTs, so it's not very helpful in conjunction with
CONFIG_FIT_BEST_MATCH yet, but it can already be used in environments
that select the configuration to load explicitly.

Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
2019-07-29 09:32:07 -04:00
Peter Ujfalusi
35c7527eb9 fit: load all fragments from the extra configurations
Currently only the first fdt is loaded from the extra configuration of
FIT image.
If the configuration have multiple fdt, load them all as well.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
2019-04-22 18:13:23 -04:00
Philippe Reynes
20031567e1 rsa: add a structure for the padding
The rsa signature use a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add some new padding algorithm, we
add a padding framework to manage several padding algorithm.
The choice of the padding is done in the file .its.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-12-03 10:44:10 -05:00
Marek Vasut
078e558699 fit: Verify all configuration signatures
Rather than verifying configuration signature of the configuration node
containing the kernel image types, verify all configuration nodes, even
those that do not contain kernel images. This is useful when the nodes
contain ie. standalone OSes or U-Boot.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-07-10 16:55:56 -04:00
Kelvin Cheung
c3c8638804 add FIT data-position & data-offset property support
Add FIT data-position & data-offset property support for bootm,
which were already supported in SPL.

Signed-off-by: Kelvin Cheung <keguang.zhang@gmail.com>
2018-05-26 18:19:19 -04:00
Marek Vasut
0298d20375 fit: Add standalone image type handling
Just add IH_TYPE_STANDALONE to fit_get_image_type_property().

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-05-23 22:06:40 -04:00
Marek Vasut
a3c43b129e fit: Add empty fit_print_contents() and fit_image_print()
These functions may be needed in SPL, so add empty variants of them
if CONFIG_SPL_FIT_PRINT is disabled.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-05-23 22:06:40 -04:00
Marek Vasut
b527b9c6c6 fit: Fix CONFIG_FIT_SPL_PRINT
Rename CONFIG_FIT_SPL_PRINT to CONFIG_SPL_FIT_PRINT and add Kconfig
entry for it.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
2018-05-23 22:06:39 -04:00
Tom Rini
16c4b169af FIT: Make fit_conf_print() be a static function
We only call fit_conf_print from one place in the code, so mark it as
static and move it up to where we call it.  This in turn has us move a
few other already static functions up further as well.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-23 17:30:02 -04:00
Clément Péron
71412d7231 image: fit: Show signatures and hashes for configurations
The signature/hash information are displayed for images but nor for
configurations.

Add subnodes printing in fit_conf_print() like it's done in fit_image_print()

Signed-off-by: Clément Péron <peron.clem@gmail.com>
[trini: Add guards around fit_conf_print to avoid warnings]
Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-08 18:50:24 -04:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Michal Simek
6faf4622a9 image: fit: Show information about OS type in firwmare case too
SPL ATF implementation requires FIT image with partitions where the one
is Firmware/ATF and another one Firmware/U-Boot. OS field is used for
recording that difference that's why make sense to show values there for
Firmware types.

For example:
 Image 0 (atf)
  Description:  ATF bl31.bin
  Created:      Mon Mar 26 15:58:14 2018
  Type:         Firmware
  Compression:  uncompressed
  Data Size:    51152 Bytes = 49.95 KiB = 0.05 MiB
  Architecture: ARM
  OS:           ARM Trusted Firmware
  Load Address: 0xfffe0000
  Hash algo:    md5
  Hash value:   36a4212bbb698126bf5a248f0f4b5336
 Image 1 (uboot)
  Description:  u-boot.bin
  Created:      Mon Mar 26 15:58:14 2018
  Type:         Firmware
  Compression:  uncompressed
  Data Size:    761216 Bytes = 743.38 KiB = 0.73 MiB
  Architecture: ARM
  OS:           U-Boot
  Load Address: 0x08000000
  Hash algo:    md5
  Hash value:   f22960fe429be72296dc8dc59a47d566

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jun Nie <jun.nie@linaro.org>
2018-04-06 20:45:44 -04:00
Michal Simek
1f8e4bf55e image: fit: Show firmware configuration property if present
SPL ATF support requires to have firmware property which should be also
listed by mkimage -l when images is created.

The patch is also using this macro in spl_fit to match keyword.

When image is created:
 Default Configuration: 'config'
 Configuration 0 (config)
  Description:  ATF with full u-boot
  Kernel:       unavailable
  Firmware:     atf
  FDT:          dtb

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jun Nie <jun.nie@linaro.org>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
2018-04-06 20:45:44 -04:00
Jun Nie
5c643db4cc SPL: Add signature verification when loading image
U-boot proper signature is not verified by SPL on most platforms
even config SPL_FIT_SIGNATURE is enabled. Only fsl-layerscape
platform support secure boot in platform specific code. So
verified boot cannot be achieved if u-boot proper is loaded by
SPL.

This patch add signature verification to u-boot proper images
when loading FIT image in SPL. It is tested on Allwinner bananapi
zero board with H2+ SoC.

Signed-off-by: Jun Nie <jun.nie@linaro.org>
2018-03-19 09:59:32 -04:00
Andre Przywara
b2267e8a22 fix incorrect usage of DT node unit address in comments
The DT spec demands a unit-address in a node name to match the "reg"
property in that node. Newer dtc versions will throw warnings if this is
not the case.
Fix all occurences in the tree where node names were mentioned in
comments, to not give bad examples to the reader.

Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2018-01-15 18:29:21 -07:00