Commit graph

137 commits

Author SHA1 Message Date
Mario Six
a1b6b0a9c1 arm: mvebu: Implement secure boot
The patch implements secure booting for the mvebu architecture.

This includes:
- The addition of secure headers and all needed signatures and keys in
  mkimage
- Commands capable of writing the board's efuses to both write the
  needed cryptographic data and enable the secure booting mechanism
- The creation of convenience text files containing the necessary
  commands to write the efuses

The KAK and CSK keys are expected to reside in the files kwb_kak.key and
kwb_csk.key (OpenSSL 2048 bit private keys) in the top-level directory.

Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:18 +01:00
Mario Six
4991b4f7f1 tools: kwbimage: Refactor line parsing and fix error
The function image_create_config_parse_oneline is pretty complex, and
since more parameters will be added to support secure booting, we
refactor the function to make it more readable.

Also, when a line contained just a keyword without any parameters,
strtok_r returned NULL, which was then indiscriminately fed into atoi,
causing a segfault. To correct this, we add a NULL check before feeding
the extracted token to atoi, and print an error message in case the
token is NULL.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:11 +01:00
Mario Six
79066ef8c9 tools: kwbimage: Factor out add_binary_header_v1
In preparation of adding the creation of secure headers, we factor the
add_binary_header_v1 function out of the image_create_v1 function.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:04:06 +01:00
Mario Six
e93cf53f14 tools: kwbimage: Remove unused parameter
The parameter 'params' of the image_headersz_v1 function is never used
by the function.

Hence, remove it.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:59 +01:00
Mario Six
e89016c44b tools: kwbimage: Reduce scope of variables
This patch reduces the scope of some variables.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:54 +01:00
Mario Six
885fba155c tools: kwbimage: Fix arithmetic with void pointers
Arithmetic with void pointers, e.g. a - b where both a and b are void
pointers, is undefined in the C standard. Since we are operating with
byte data here, we switch the void pointers to uint8_t pointers, and add
the necessary casts.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:48 +01:00
Mario Six
94490a4a70 tools: kwbimage: Fix style violations
Fix some style violations:

- nine instances of missing blank lines after declarations
- one overly long line
- one split string (which also rewords an error message more concisely)
- two superfluous else

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:41 +01:00
Mario Six
94084eea3b tools: kwbimage: Fix dest addr
To enable secure boot, we need to jump back into the BootROM to continue
the SoC's boot process instead of letting the SPL load and run the main
U-Boot image.

But, since the u-boot-spl.img (including the 64 byte header) is loaded
by the SoC as the main image, we need to compensate for the header
length to get a correct entry point.

Thus, we subtract the header size from the destination address, so that
the execution address points at the actual entry point of the image.

The current boards ignore both parameters anyway, so this change shouldn't
concern them.

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
2017-02-01 09:03:15 +01:00
Chris Packham
2611c05e84 tools/kwbimage: add DEBUG option
Offset 0x1 in the generated kwb image file is a set of flags, bit 0
enables debug output from the BootROM firmware.  Allow a DEBUG option in
the kwb configuration to request debug output from the BootROM firmware.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
2016-12-01 09:10:49 +01:00
Chris Packham
4bdb547978 tools/kwbimage: add BAUDRATE option
Offset 0x18 in some Marvell datasheets this field is redacted as
"reserved". This offset is actually a set of options and bits 2:0 allow
the selection of the UART baudrate.

Allow a BAUDRATE option to set the UART baudrate for any messages coming
from the BootROM firmware.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Signed-off-by: Stefan Roese <sr@denx.de>
2016-12-01 09:10:43 +01:00
Reinhard Pfau
76b391cdee tools/kwbimage: fix size computations for v1 images
Fix computation of haeder size and binary header size.
Size of opt header and some 32bit values were not taken into account. This could
result in invalid boot images (due to the wrong binary header size, the image could
claim to have another extension header after the binary extension although there
is none).

Use "uint32_t" instead of "unsigned int" for header size computation.

Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
2015-11-29 16:02:44 +01:00
Reinhard Pfau
a8840dced0 tools/kwbimage: fix endianess issue
KWB image header values are in little endian (LE).
So adding appropriate cpu_to_leXX() calls to allow building those images
on BE hosts, too.

Signed-off-by: Reinhard Pfau <reinhard.pfau@gdsys.cc>
Reviewed-by: Stefan Roese <sr@denx.de>
2015-11-29 16:02:44 +01:00
Stefan Roese
7772085930 tools/kwbimage.c: Make sure that the resulting image is 4-byte aligned
With the dtb added to the main U-Boot image, it can happen, that
the resulting image is not 4-byte aligned. As the dtb tends to
be unaligned. But the image needs to be 4-byte aligned. At least the
Marvell hdrparser tool complains if its unaligned. By returning 1 here
in kwbimage_generate(), called via tparams->vrec_header() in mkimage.c,
mkimage will automatically pad the resulting image to a 4-byte size
if necessary.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
2015-11-29 16:02:44 +01:00
Stefan Roese
ea8b6877a8 tools/kwbimage.c: Fix generation of binary header
The binary header ends with one lword, defining if another header
follows this one. This additions 4 bytes need to be taken into
account in the generation of the header size. And the complete
4 bytes at the end of this binary header need to get cleared.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Kevin Smith <kevin.smith@elecsyscorp.com>
2015-11-17 23:41:41 +01:00
Stefan Roese
9b163d8c4e kwbimage: Align payload size to 4 bytes
The MVEBU BootROM does not allow non word aligned payloads.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
2015-10-21 02:25:01 +02:00
Stefan Roese
e29f1db3dd tools: kwboot: Add support for UART boot mode patching for Armada XP/38x
Currently, kwboot only allows dynamic UART boot mode patching for SoCs
with header version 0 (Orion, Kirkwood). This patch now enables this "-p"
feature also for SoCs with header version 1 (Armada XP / 38x etc). With
this its possible now to use the UART boot mode without on images that
are generated for other boot devices, like SPI. So no need to change
BOOT_FROM to "uart" for UART xmodem booting any more.

Signed-off-by: Stefan Roese <sr@denx.de>
Tested-by: Kevin Smith <kevin.smith@elecsyscorp.com>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
2015-10-01 02:02:06 +02:00
Stefan Roese
7ddf8cfb0d kwbimage: Rename CONFIG_SYS_SPI_U_BOOT_OFFS to CONFIG_SYS_U_BOOT_OFFS
To use this offset for other boot device (like SDIO/MMC), lets rename
it to a more generic name. This will be used be the SDIO/MMC SPL boot
support for the A38x.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
2015-07-24 09:46:21 +02:00
Stefan Roese
1bbe63c3f2 kwbimage: Add support for SDIO/MMC boot device selection
This patch adds support to select the "sdio" as boot device in the
kwbimage.cfg file. This line selects this SDIO device:

BOOT_FROM  sdio

Tested on Marvell DB-88F6820-GP board.

Signed-off-by: Stefan Roese <sr@denx.de>
Cc: Luka Perkov <luka.perkov@sartura.hr>
Cc: Dirk Eibach <eibach@gdsys.de>
2015-07-24 09:45:56 +02:00
Kevin Smith
a0aad12346 tools/kwbimage.c: Correct header size for SPI boot
If defined, the macro CONFIG_SYS_SPI_U_BOOT_OFFS allows a board
to specify the offset of the payload image into the kwb image
file.  This value was being used to locate the image, but was not
used in the "header size" field of the main header.  Move the
use of this macro into the function that returns the header size
so that the same value is used in all places.

Signed-off-by: Kevin Smith <kevin.smith@elecsyscorp.com>
Tested-by: Stefan Roese <sr@denx.de>
2015-06-14 17:48:28 +02:00
Chris Packham
c250ce0f57 kwbimage: align v1 binary header to 4B
According to the Armada-XP documentation the binary header format
requires the header length to be aligned to 4B.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
Acked-by: Stefan Roese <sr@denx.de>
Acked-by: Prafulla Wadaskar <prafulla@marvell.com>
2015-03-05 22:08:59 +01:00
Tom Rini
e35c6c7978 kwbimage: Make the Makefile pass in CONFIG_SYS_SPI_U_BOOT_OFFS
We can't use config.h directly as some platforms include headers that
aren't safe to use in normal Linux userland.

Signed-off-by: Tom Rini <trini@ti.com>
2015-02-07 07:03:00 -05:00
Stefan Roese
5632e580c6 tools: kwbimage: Support u-boot.img padding to CONFIG_SYS_SPI_U_BOOT_OFFS
This is used on the AXP boards, to pad u-boot.img to the desired offset in
SPI flash (only this boot target supported right now). This offset is
used by the SPL then to load u-boot.img into SDRAM and execute it there.

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Luka Perkov <luka.perkov@sartura.hr>
2015-02-06 17:24:51 +01:00
Guilherme Maciel Ferreira
a93648d197 imagetool: replace image registration function by linker_lists feature
The registration was introduced in commit f86ed6a8d5

This commit also removes all registration functions, and the member "next"
from image_type_params struct

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Andreas Bießmann
f411b8f227 tools/kwbimage.c: fix parser error handling
The two error checks for image_boot_mode_id and image_nand_ecc_mode_id where
wrong and would never fail, fix that!

This was detected by Apple's clang compiler:
---8<---
  HOSTCC  tools/kwbimage.o
tools/kwbimage.c:553:20: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
                if (el->bootfrom < 0) {
                    ~~~~~~~~~~~~ ^ ~
tools/kwbimage.c:571:23: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
                if (el->nandeccmode < 0) {
                    ~~~~~~~~~~~~~~~ ^ ~
2 warnings generated.
--->8---

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Acked-By: Jeroen Hofstee <jeroen@myspectrum.nl>
2015-01-11 09:05:03 -05:00
Łukasz Majewski
93e9371f00 fix: tools: kwbimage.c: Initialize headersz to suppress warning
When building with my toolchain (4.8.2):
CROSS_COMPILE=/home/lukma/work/ptxdist/toolchains/arm/OSELAS.Toolchain-2013.12.0/arm-v7a-linux-gnueabi/gcc-4.8.2-glibc-2.18-binutils-2.24-kernel-3.12-sanitized/bin/arm-v7a-linux-gnueabi-

I see following WARNING:
tools/kwbimage.c: In function "kwbimage_set_header":
tools/kwbimage.c:803:8: warning: "headersz" may be used uninitialized in this function [-Wmaybe-uninitialized]
  memcpy(ptr, image, headersz);
        ^
This fix aims to suppress it.

Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Acked-by: Stefan Roese <sr@denx.de>
Acked-by: Heiko Schocher <hs@denx.de>
2015-01-10 14:09:55 -05:00
Gerald Kerma
26f195c712 ARM: kwimage: fix v0 format
This patch fix the kwimage tools for version 0 fileformat used for kirkwood
Tested on sheevaplug

Signed-off-by: Gerald Kerma <drEagle@doukki.net>
Tested-by: Stefan Roese <sr@denx.de>
Reviewed-by: Stefan Roese <sr@denx.de>
Acked-By: Prafulla Wadaskar <prafulla@marvell.com>
2014-11-04 15:03:07 -05:00
Stefan Roese
934a529f94 tools/kwbimage: Fix compilation warning
This patch fixes a compilation warning of kwbimage.c:

tools/kwbimage.c: In function ‘kwbimage_set_header’:
tools/kwbimage.c:784:8: warning: ‘headersz’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  memcpy(ptr, image, headersz);
        ^
Instead of using multiple if statements, use a switch statement with
a default entry. And return with error if an unsupported version
is configured in the cfg file.

Signed-off-by: Stefan Roese <sr@denx.de>
Acked-By: Wolfgang Denk <wd@denx.de>
2014-10-31 00:29:29 +01:00
Andreas Bießmann
e5f1a586a7 tools/kwbimage.c: fix build on darwin
kwbimage uses get_current_dir_name(3) which is a gnu extension and not
available on darwin host. Fix this by converting to portable getcwd(3)
function.

This patch fixes the following error:
---8<---
  HOSTCC  tools/kwbimage.o
tools/kwbimage.c:399:16: warning: implicit declaration of function 'get_current_dir_name' is invalid in C99 [-Wimplicit-function-declaration]
                        char *cwd = get_current_dir_name();
                                    ^
tools/kwbimage.c:399:10: warning: incompatible integer to pointer conversion initializing 'char *' with an expression of type 'int' [-Wint-conversion]
                        char *cwd = get_current_dir_name();
                              ^     ~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
...
Undefined symbols for architecture x86_64:
  "_get_current_dir_name", referenced from:
      _image_headersz_v1 in kwbimage.o
ld: symbol(s) not found for architecture x86_64
--->8---

Signed-off-by: Andreas Bießmann <andreas.devel@googlemail.com>
Cc: Stefan Roese <sr@denx.de>
Acked-by: Stefan Roese <sr@denx.de>
[agust: fixed getcwd() return warning]
Signed-off-by: Anatolij Gustschin <agust@denx.de>
2014-10-31 00:26:12 +01:00
Stefan Roese
4acd2d24b6 tools: kwbimage: Add image version 1 support for Armada XP / 370
This patch integrates the Barebox version of this kwbimage.c file into
U-Boot. As this version supports the image version 1 type for the
Armada XP / 370 SoCs.

It was easier to integrate the existing and known to be working Barebox
source than to update the current U-Boot version to support this
v1 image header format. Now all Marvell MVEBU SoCs are supported:

Image type 0: Kirkwood & Dove
Image type 1: Armada 370 & Armada XP

Please note that the current v1 support has this restuction (same as
has Barebox version):

Not implemented: support for the register headers and secure headers
in v1 images

Tested on Marvell DB-78460-BP eval board.

Signed-off-by: Stefan Roese <sr@denx.de>
Tested-by: Luka Perkov <luka@openwrt.org>
2014-10-23 09:59:21 -04:00
Guilherme Maciel Ferreira
f86ed6a8d5 tools: moved code common to all image tools to a separated module.
In order to avoid duplicating code and keep only one point of modification,
the functions, structs and defines useful for "dumpimage" were moved from
"mkimage" to a common module called "imagetool".

This modification also weakens the coupling between image types (FIT, IMX, MXS,
and so on) and image tools (mkimage and dumpimage). Any tool may initialize the
"imagetool" through register_image_tool() function, while the image types
register themselves within an image tool using the register_image_type()
function:

                                                      +---------------+
                                               +------|   fit_image   |
 +--------------+          +-----------+       |      +---------------+
 |    mkimage   |--------> |           | <-----+
 +--------------+          |           |              +---------------+
                           | imagetool | <------------|    imximage   |
 +--------------+          |           |              +---------------+
 |  dumpimage   |--------> |           | <-----+
 +--------------+          +-----------+       |      +---------------+
                                               +------| default_image |
                                                      +---------------+

          register_image_tool()           register_image_type()

Also, the struct "mkimage_params" was renamed to "image_tool_params" to make
clear its general purpose.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
2013-12-13 09:15:32 -05:00
York Sun
2db1c3fc67 tools/Makefile: Move _GNU_SOURCE to Makefile
Commit 669dfc2e adds libfdt_env.h to HOSTCPPFLAGS. It causes stdio.h
to be included before _GNU_SOURCE is defined in C files. On some old hosts
some prototypes are protected by #ifdef __USE_GNU, which is set when
_GNU_SOURCE is defined.

Signed-off-by: York Sun <yorksun@freescale.com>
Acked-by: Simon Glass <sjg@chromium.org>
2013-08-16 13:45:15 -04:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Nobuhiro Iwamatsu
3500e9aed6 kwbimage: Fix check variable of checksum
calc_hdrcsum two times are checked. checksumi of exthdr is not checked.

Signed-off-by: Nobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
CC: Prafulla Wadaskar <prafulla@marvell.com>
2011-05-12 23:53:41 +02:00
Loïc Minier
47aa51cd98 Fix typo ("comand" instead of "command")
Signed-off-by: Loc Minier <loic.minier@linaro.org>
2011-01-19 00:07:22 +01:00
Wolfgang Denk
ceb2d57c22 kwbimage.c: Fix compile warning when building on 64 bit systems (again)
Commit 51003b89 attempted to fix a build problem on 64 bit systems,
but just turned it into a build problem on 32 bit systems (silly me).

Now do the Right Thing (TM) and use a "%zu" printf format.

Also fix spelling error.

Signed-off-by: Wolfgang Denk <wd@denx.de>
2009-09-15 21:32:19 +02:00
Wolfgang Denk
51003b8981 kwbimage.c: Fix compile warning when building on 64 bit systems
Fix this warning when building on 64 bit systems:
tools/kwbimage.c: In function 'kwbimage_checksum32':
tools/kwbimage.c:135: warning: format '%d' expects type 'int',
but argument 4 has type 'long unsigned int'

Signed-off-by: Wolfgang Denk <wd@denx.de>
Cc: Prafulla Wadaskar <prafulla@marvell.com>
2009-09-11 09:11:03 +02:00
Prafulla Wadaskar
aa0c7a86cd mkimage: Add Kirkwood Boot Image support (kwbimage)
This patch adds support for "kwbimage" (Kirkwood Boot Image)
image types to the mkimage code.

For details refer to docs/README.kwbimage

This patch is tested with Sheevaplug board

Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
Acked-by: Ron Lee <ron@debian.org>

Signed-off-by: Prafulla Wadaskar <prafulla@marvell.com>
2009-09-10 22:58:48 +02:00