Commit graph

11 commits

Author SHA1 Message Date
Simon Glass
2d2384bbaf tools: mkimage: Show where signatures/keys are written
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.

Sample:

   Signature written to 'sha1-basic/test.fit',
       node '/configurations/conf-1/signature'
   Public key written to 'sha1-basic/sandbox-u-boot.dtb',
       node '/signature/key-dev'

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Simon Glass
7ae46c3579 tools: Avoid leaving extra data at the end of copied files
The copyfile() implementation has strange behaviour if the destination
file already exists. Update it to ensure that any existing data in the
destination file is dropped.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:43 -07:00
Simon Glass
e291a5c9a2 tools: Move copyfile() into a common file
This function is useful in other places. Move it to a common file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:43 -07:00
Stefan Eichenberger
6f08eee67f tools/fitimage: make sure dumpimage still works when "@" are detected
fit_verify_header fails if it detects unit addresses "@". However, this
will break tools like dumpimage on fit images which worked with previous
versions of the tool (e.g. 2020.04 vs 2021.07). As an example the output
of:
dumpimage -l <fit image>
is:
FIT description: U-Boot fitImage for Linux Distribution
Created:         Thu Jan  1 01:00:00 1970
 Image 0 (kernel@1)
  Description:  Linux kernel
  Created:      Thu Jan  1 01:00:00 1970
  Type:         Kernel Image
  Compression:  gzip compressed
  Data Size:    6442456 Bytes = 6291.46 KiB = 6.14 MiB
  Architecture: AArch64
  OS:           Linux
  Load Address: 0x80080000
  Entry Point:  0x80080000
  Hash algo:    sha256
  Hash value:   ...
 Image 1 (fdt@freescale_fsl-s32g274a-evb.dtb)
  Description:  Flattened Device Tree blob
  Created:      Thu Jan  1 01:00:00 1970
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    39661 Bytes = 38.73 KiB = 0.04 MiB
  Architecture: AArch64
  Hash algo:    sha256
  Hash value:   ...
 Default Configuration: 'conf@freescale_fsl-s32g274a-evb.dtb'
 Configuration 0 (conf@freescale_fsl-s32g274a-evb.dtb)
  Description:  1 Linux kernel, FDT blob
  Kernel:       kernel@1
  FDT:          fdt@freescale_fsl-s32g274a-evb.dtb
  Hash algo:    sha256
  Hash value:   unavailable

But with newer version it shows:
dumpimage -l <fit image>
GP Header: Size d00dfeed LoadAddr 62f0a4

This commit will output a warning that unit addresses were detected but
will not fail:
dumpimage -l <fit image>
Image contains unit addresses @, this will break signing
...

Signed-off-by: Stefan Eichenberger <eichest@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2022-01-24 10:35:10 -05:00
Simon Glass
c5819701a3 image: Adjust the workings of fit_check_format()
At present this function does not accept a size for the FIT. This means
that it must be read from the FIT itself, introducing potential security
risk. Update the function to include a size parameter, which can be
invalid, in which case fit_check_format() calculates it.

For now no callers pass the size, but this can be updated later.

Also adjust the return value to an error code so that all the different
types of problems can be distinguished by the user.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
2021-02-15 22:31:52 -05:00
Luca Boccassi
7d57485a8a tools: use read-only mmap in fit_check_sign
Add an option to open files in read-only mode in mmap_fdt so
that fit_check_sign can be used to inspect files on read-only
filesystems.
For example, this is useful when a key is shipped in a read-only
rootfs or squashfs.

Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
2019-05-18 12:32:02 -04:00
Jordan Hand
d32aa3cae4 fdt: Fix FIT header verification in mkimage and conduct same checks as bootm
FIT header verification in mkimage was treating a return code as a boolean,
which meant that failures in validating the fit were seen as successes.

Additionally, mkimage was checking all formats to find a header which
passes validation, rather than using the image type specified to
mkimage.

checkpatch.pl checks for lines ending with '(' and alignment matching
open parentheses are ignored to keep with existing coding style.

Signed-off-by: Jordan Hand <jorhand@microsoft.com>
2019-03-08 11:31:44 -05:00
Tom Rini
83d290c56f SPDX: Convert all of our single license tags to Linux Kernel style
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from.  So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry.  Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents.  There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>
2018-05-07 09:34:12 -04:00
Simon Glass
a946811569 mkimage: Automatically make space in FDT when full
When adding hashes or signatures, the target FDT may be full. Detect this
and automatically try again after making 1KB of space.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-11 16:25:46 -04:00
Simon Glass
ef0af64b1c Improve error handling in fit_common
Make the error handling common, and make sure the file is always closed
on error. Rename the parameter to be more description and add comments.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-11 16:25:46 -04:00
Heiko Schocher
6bf4ca076f tools, fit: add fit_info host command
add fit_info command to the host tools. This command prints
the name, offset and the len from a property from a node in
a fit file. This info can be used to extract a properties
data with linux tools, for example "dd".

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:37 -04:00