In certain circumstances it comes in handy to be able to boot into a second
U-Boot. But as of now it is not possible to boot a U-Boot binary that is inside
a FIT image, which is problematic for projects that e.g. need to guarantee a
unbroken chain of trust from SOC all the way into the OS, since the FIT signing
mechanism cannot be used.
This patch adds the capability to load such FIT images.
An example .its snippet (utilizing signature verification) might look
like the following:
images {
firmware@1 {
description = "2nd stage U-Boot image";
data = /incbin/("u-boot-dtb.img.gz");
type = "firmware";
arch = "arm";
os = "u-boot";
compression = "gzip";
load = <0x8FFFC0>;
entry = <0x900000>;
signature@1 {
algo = "sha256,rsa4096";
key-name-hint = "key";
};
};
};
Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Tom Rini <trini@konsulko.com>
The comments in the source file are riddled with spelling mistakes. Be
a good citizen and take a stab at cleaning up some of the more obvious
ones.
Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add function boot_get_fpga() which find and load bitstream to
programmable logic if fpga entry is present.
Function is supported on Xilinx devices for full and partial bitstreams
in BIN and BIT format.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Remove additional blankline in image.h
Add FIT_FPGA_PROP that user can identify an optional
entry for fpga.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This function returns an error code and its caller may be able to fix the
error. For example fit_handle_file() expands the device tree to fit if there
is a lack of space.
In this case the caller does not want an error displayed. It is confusing,
since it suggests that something is wrong, when it fact everything is fine.
Drop the error.
Signed-off-by: Simon Glass <sjg@chromium.org>
FIT image supports more than 32 bits in addresses by using #address-cell
field. Fixing 64-bit support by using this field.
Signed-off-by: York Sun <york.sun@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
FIT image supports load address and entry address. Getting these
addresses can use a common function.
Signed-off-by: York Sun <york.sun@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.
Move these options to Kconfig and tidy up board configuration:
CONFIG_FIT
CONFIG_OF_BOARD_SETUP
CONFIG_OF_SYSTEM_SETUP
CONFIG_FIT_SIGNATURE
CONFIG_FIT_BEST_MATCH
CONFIG_FIT_VERBOSE
CONFIG_OF_STDOUT_VIA_ALIAS
CONFIG_RSA
Unfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.
Note: Masahiro's moveconfig.py script is amazing.
Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini <trini@konsulko.com>
This reverts commit 84ca65aa4b.
On signature verification failures fit_image_verify() should NOT exit with
error. Only keys marked 'required' can cause image verification failure.
This logic is already there and works correctly.
Add a comment to make this clear.
Fixes: 84ca65aa (image-fit: Fix signature checking)
Signed-off-by: Simon Glass <sjg@chromium.org>
A recent change broke the 'bootm' command on sandbox. The root cause is
using a pointer as an address. Conversion from pointer to address needs to
use map_to_sysmem() so that sandbox can do the right thing. The problem was
pre-existing but uncovered by a recent commit.
Fix this. Also move fit_get_end() to the C file to avoid needing to include
mapmem.h (and thus asm/io.h) everywhere.
Fixes: 1fec3c5d (common/image.c: Make boot_get_ramdisk() perform a check for Android images)
Signed-off-by: Simon Glass <sjg@chromium.org>
This fixes the following compiler warning:
In file included from tools/common/image-fit.c:1:0:
./tools/../common/image-fit.c: In function ‘fit_conf_print’:
./tools/../common/image-fit.c:1470:27: warning: logical not is only applied
to the left hand side of comparison [-Wlogical-not-parentheses]
(const char **)&uname) > 0;
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Added a trimmed down instance of boot_get_<thing>() to satisfy the
minimum requierments of the added feature. The function follows the
normal patterns set by other boot_get<thing>'s, which should make it a
bit easier to combine them all together into one boot_get_image()
function in a later refactor.
Documentation for the new function can be found in source:
include/image.h
Signed-off-by: Karl Apsite <Karl.Apsite@dornerworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Added FIT_LOADABLE_PROP, so the user can identify an optional entry
named "loadables" in their .its configuration. "loadables" is a comma
separated list in the .its
Documentation can be found in doc/uImage.FIT/source_file_format.txt and
doc/uImage.Fit/multi-with-loadables.its
Signed-off-by: Karl Apsite <Karl.Apsite@dornerworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they
are when the arch does not override it.
Also split the non-arch specific functions out of common.h
Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The dumpimage is able to extract components contained in a FIT image:
$ ./dumpimage -T flat_dt -i CONTAINER.ITB -p INDEX FILE
The CONTAINER.ITB is a regular FIT container file. The INDEX is the poisition
of the sub-image to be retrieved, and FILE is the file (path+name) to save the
extracted sub-image.
For example, given the following kernel.its to build a kernel.itb:
/dts-v1/;
/ {
...
images {
kernel@1 {
description = "Kernel 2.6.32-34";
data = /incbin/("/boot/vmlinuz-2.6.32-34-generic");
type = "kernel";
arch = "ppc";
os = "linux";
compression = "gzip";
load = <00000000>;
entry = <00000000>;
hash@1 {
algo = "md5";
};
};
...
};
...
};
The dumpimage can extract the 'kernel@1' node through the following command:
$ ./dumpimage -T flat_dt -i kernel.itb -p 0 kernel
Extracted:
Image 0 (kernel@1)
Description: Kernel 2.6.32-34
Created: Wed Oct 22 15:50:26 2014
Type: Kernel Image
Compression: gzip compressed
Data Size: 4040128 Bytes = 3945.44 kB = 3.85 MB
Architecture: PowerPC
OS: Linux
Load Address: 0x00000000
Entry Point: 0x00000000
Hash algo: md5
Hash value: 22352ad39bdc03e2e50f9cc28c1c3652
Which results in the file 'kernel' being exactly the same as '/boot/vmlinuz-2.6.32-34-generic'.
Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
Allow booting the OpenRTOS payloads via fitImage image type.
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This is a bit odd in that we are permitted to boot images for either, even
though they are separate architectures.
Signed-off-by: Simon Glass <sjg@chromium.org>
Add a new setup@ section to the FIT which can be used to provide a setup
binary for booting Linux on x86. This makes it possible to boot x86 from
a FIT.
Signed-off-by: Simon Glass <sjg@chromium.org>
Since sandbox is used for testing, it should be able to 'boot' an image
from any archhitecture. This allows us to test an image by loading it in
sandbox.
Signed-off-by: Simon Glass <sjg@chromium.org>
Commit e3a5bbce broke the FIT image tests by not loading a ramdisk even if
a load address is provided in the FIT. The rationale was that a load address
of 0 should be considered to mean 'do not load'.
Add a new load operation which supports this feature, so that the ramdisk
will be loaded if a non-zero load address is provided.
Signed-off-by: Simon Glass <sjg@chromium.org>
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.
cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
This can be obtained by looking up the image type, so is redundant. It is
better to centralise this lookup to avoid errors.
Signed-off-by: Simon Glass <sjg@chromium.org>
It is more common to have 0 mean OK, and -ve mean error. Change this
function to work the same way to avoid confusion.
Signed-off-by: Simon Glass <sjg@chromium.org>
When writing values into an FDT it is possible that there will be
insufficient space. If the caller gets a useful error then it can
potentially deal with the situation.
Adjust these functions to return -ENOSPC when the FDT is full.
Signed-off-by: Simon Glass <sjg@chromium.org>
There is a strange comment in fit_image_load().
This function can be used for loading Kernel Image, FDT
as well as ramdisk.
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Cc: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
Becuase fdt_check_header function takes (const void *)
type argument, the argument should be passed to it
without being casted to (char *).
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
The timestamp is shown in fit_print_contents() but for some reason not
in fit_image_print(). This seems to be an oversight, since it is the latter
which is used by bootm.
Add timestamp printing in this case.
(There is code duplication in these two function, for looking at in a future
patch).
Signed-off-by: Simon Glass <sjg@chromium.org>
If a specific configuraion is selected by the bootm command, e.g. with
'bootm 84000000#recoveryconf' we must honour this for not just the kernel,
but also the ramdisk and FDT.
In the conversion to using a common fit_image_load() function for loading
images from FITs (commits a51ec63 and 53f375f) this feature was lost.
Reinstate it by passing the selected configuration back from
fit_image_load() to boot_get_kernel(), then use this configuration
(which is stored in images->fit_uname_cfg) in both boot_get_ramdisk()
and boot_get_fdt().
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.
Signed-off-by: Simon Glass <sjg@chromium.org>
This error may not be defined on some platforms such as MacOS so host
compilation will fail. Use one of the more common errors instead.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Andreas Bießmann <andreas.devel@googlemail.com>
Tested-by: Lubomir Popov <lpopov@mm-sol.com>
Use map_sysmem() to convert from address to pointer, so that sandbox can
print FIT information without crashing.
Signed-off-by: Simon Glass <sjg@chromium.org>
Use the new common code to load a flat device tree. Also fix up a few casts
so that this code works with sandbox. Other than that the functionality
should not change.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present code to load an image from a FIT is duplicated in the three
places where it is needed (kernel, fdt, ramdisk).
The differences between these different code copies is fairly minor.
Create a new function in the fit code which can handle any of the
requirements of those cases.
Signed-off-by: Simon Glass <sjg@chromium.org>
This code is very large, and in SPL it isn't always useful to print
out image information (in fact there might not even be a console
active). So disable this feature unless this option is set.
Signed-off-by: Simon Glass <sjg@chromium.org>
This function will be used to print signatures as well as hashes, so rename
it. Also make it static since it is not used outside this file.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
The string " error\n" appears in each error string. Move it out to a
common place.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
The existing function is long and most of the code is indented a long
way. Before adding yet more code, split this out into its own function.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)