Commit graph

53 commits

Author SHA1 Message Date
mario.six@gdsys.cc
e8fb4358c2 common: fit: Allow U-Boot images to be booted
In certain circumstances it comes in handy to be able to boot into a second
U-Boot. But as of now it is not possible to boot a U-Boot binary that is inside
a FIT image, which is problematic for projects that e.g. need to guarantee a
unbroken chain of trust from SOC all the way into the OS, since the FIT signing
mechanism cannot be used.

This patch adds the capability to load such FIT images.

An example .its snippet (utilizing signature verification) might look
like the following:

images {
	firmware@1 {
		description = "2nd stage U-Boot image";
		data = /incbin/("u-boot-dtb.img.gz");
		type = "firmware";
		arch = "arm";
		os = "u-boot";
		compression = "gzip";
		load = <0x8FFFC0>;
		entry = <0x900000>;
		signature@1 {
			algo = "sha256,rsa4096";
			key-name-hint = "key";
		};
	};
};

Signed-off-by: Mario Six <mario.six@gdsys.cc>
Reviewed-by: Tom Rini <trini@konsulko.com>
2016-07-25 12:00:05 -04:00
Andreas Dannenberg
e17adbb350 common: image-fit: Cleanup spelling mistakes
The comments in the source file are riddled with spelling mistakes. Be
a good citizen and take a stab at cleaning up some of the more obvious
ones.

Signed-off-by: Andreas Dannenberg <dannenberg@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-06-17 09:50:59 -04:00
Michal Simek
62afc60188 image: Add boot_get_fpga() to load fpga with bootm
Add function boot_get_fpga() which find and load bitstream to
programmable logic if fpga entry is present.
Function is supported on Xilinx devices for full and partial bitstreams
in BIN and BIT format.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Remove additional blankline in image.h
2016-05-24 13:17:59 +02:00
Michal Simek
ed0cea7c52 mkimage: Report information about fpga
Add FIT_FPGA_PROP that user can identify an optional
entry for fpga.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-05-24 11:15:02 +02:00
Simon Glass
8df81e17f8 image-fit: Don't display an error in fit_set_timestamp()
This function returns an error code and its caller may be able to fix the
error. For example fit_handle_file() expands the device tree to fit if there
is a lack of space.

In this case the caller does not want an error displayed. It is confusing,
since it suggests that something is wrong, when it fact everything is fine.
Drop the error.

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-05-23 11:50:18 -04:00
York Sun
c1913cb789 common: image-fit: Fix load and entry addresses in FIT image
FIT image supports more than 32 bits in addresses by using #address-cell
field. Fixing 64-bit support by using this field.

Signed-off-by: York Sun <york.sun@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:41 -04:00
York Sun
6004765d14 common: image-fit: Use a common function to get address
FIT image supports load address and entry address. Getting these
addresses can use a common function.

Signed-off-by: York Sun <york.sun@nxp.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2016-03-14 19:18:40 -04:00
Simon Glass
73223f0e1b Kconfig: Move CONFIG_FIT and related options to Kconfig
There are already two FIT options in Kconfig but the CONFIG options are
still in the header files. We need to do a proper move to fix this.

Move these options to Kconfig and tidy up board configuration:

   CONFIG_FIT
   CONFIG_OF_BOARD_SETUP
   CONFIG_OF_SYSTEM_SETUP
   CONFIG_FIT_SIGNATURE
   CONFIG_FIT_BEST_MATCH
   CONFIG_FIT_VERBOSE
   CONFIG_OF_STDOUT_VIA_ALIAS
   CONFIG_RSA

Unfortunately the first one is a little complicated. We need to make sure
this option is not enabled in SPL by this change. Also this option is
enabled automatically in the host builds by defining CONFIG_FIT in the
image.h file. To solve this, add a new IMAGE_USE_FIT #define which can
be used in files that are built on the host but must also build for U-Boot
and SPL.

Note: Masahiro's moveconfig.py script is amazing.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Add microblaze change, various configs/ re-applies]
Signed-off-by: Tom Rini <trini@konsulko.com>
2016-03-14 19:18:07 -04:00
Simon Glass
2e33e76165 Revert "image-fit: Fix signature checking"
This reverts commit 84ca65aa4b.

On signature verification failures fit_image_verify() should NOT exit with
error. Only keys marked 'required' can cause image verification failure.
This logic is already there and works correctly.

Add a comment to make this clear.

Fixes: 84ca65aa (image-fit: Fix signature checking)
Signed-off-by: Simon Glass <sjg@chromium.org>
2016-02-26 08:53:10 -07:00
Simon Glass
7a80de4641 image: Correct the OS location code to work on sandbox
A recent change broke the 'bootm' command on sandbox. The root cause is
using a pointer as an address. Conversion from pointer to address needs to
use map_to_sysmem() so that sandbox can do the right thing. The problem was
pre-existing but uncovered by a recent commit.

Fix this. Also move fit_get_end() to the C file to avoid needing to include
mapmem.h (and thus asm/io.h) everywhere.

Fixes: 1fec3c5d (common/image.c: Make boot_get_ramdisk() perform a check for Android images)

Signed-off-by: Simon Glass <sjg@chromium.org>
2016-02-26 08:53:10 -07:00
Andrej Rosano
84ca65aa4b image-fit: Fix signature checking
On signature verification failures fit_image_verify() should
exit with error.

Signed-off-by: Andrej Rosano <andrej@inversepath.com>
2015-10-19 17:06:16 -04:00
Hans de Goede
5bcec545a6 image-fit: Fix compiler warning in fit_conf_print()
This fixes the following compiler warning:

In file included from tools/common/image-fit.c:1:0:
./tools/../common/image-fit.c: In function ‘fit_conf_print’:
./tools/../common/image-fit.c:1470:27: warning: logical not is only applied
 to the left hand side of comparison [-Wlogical-not-parentheses]
    (const char **)&uname) > 0;

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2015-06-06 09:30:20 -04:00
Karl Apsite
84a07dbfd8 add boot_get_loadables() to load listed images
Added a trimmed down instance of boot_get_<thing>() to satisfy the
minimum requierments of the added feature.  The function follows the
normal patterns set by other boot_get<thing>'s, which should make it a
bit easier to combine them all together into one boot_get_image()
function in a later refactor.

Documentation for the new function can be found in source:
  include/image.h

Signed-off-by: Karl Apsite <Karl.Apsite@dornerworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-05-28 08:18:20 -04:00
Karl Apsite
ecf8cd6535 mkimage will now report information about loadable
Added FIT_LOADABLE_PROP, so the user can identify an optional entry
named "loadables" in their .its configuration. "loadables" is a comma
separated list in the .its

Documentation can be found in doc/uImage.FIT/source_file_format.txt and
                              doc/uImage.Fit/multi-with-loadables.its

Signed-off-by: Karl Apsite <Karl.Apsite@dornerworks.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-05-28 08:18:20 -04:00
Joe Hershberger
0eb25b6196 common: Make sure arch-specific map_sysmem() is defined
In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they
are when the arch does not override it.

Also split the non-arch specific functions out of common.h

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-04-18 11:11:09 -06:00
Axel Lin
364ac5b583 image: Convert to use fdt_for_each_subnode macro
Use fdt_for_each_subnode macro to simplify the code a bit.

Signed-off-by: Axel Lin <axel.lin@ingics.com>
Acked-by: Simon Glass <sjg@chromium.org>
2015-02-16 12:41:41 -05:00
Guilherme Maciel Ferreira
39931f966a dumpimage: fit: extract FIT images
The dumpimage is able to extract components contained in a FIT image:

  $ ./dumpimage -T flat_dt -i CONTAINER.ITB -p INDEX FILE

The CONTAINER.ITB is a regular FIT container file. The INDEX is the poisition
of the sub-image to be retrieved, and FILE is the file (path+name) to save the
extracted sub-image.

For example, given the following kernel.its to build a kernel.itb:

  /dts-v1/;
  / {
      ...
      images {
        kernel@1 {
          description = "Kernel 2.6.32-34";
          data = /incbin/("/boot/vmlinuz-2.6.32-34-generic");
          type = "kernel";
          arch = "ppc";
          os = "linux";
          compression = "gzip";
          load = <00000000>;
          entry = <00000000>;
          hash@1 {
            algo = "md5";
          };
        };
        ...
      };
      ...
    };

The dumpimage can extract the 'kernel@1' node through the following command:

  $ ./dumpimage -T flat_dt -i kernel.itb -p 0 kernel
  Extracted:
   Image 0 (kernel@1)
    Description:  Kernel 2.6.32-34
    Created:      Wed Oct 22 15:50:26 2014
    Type:         Kernel Image
    Compression:  gzip compressed
    Data Size:    4040128 Bytes = 3945.44 kB = 3.85 MB
    Architecture: PowerPC
    OS:           Linux
    Load Address: 0x00000000
    Entry Point:  0x00000000
    Hash algo:    md5
    Hash value:   22352ad39bdc03e2e50f9cc28c1c3652

Which results in the file 'kernel' being exactly the same as '/boot/vmlinuz-2.6.32-34-generic'.

Signed-off-by: Guilherme Maciel Ferreira <guilherme.maciel.ferreira@gmail.com>
2015-01-29 13:38:41 -05:00
Marek Vasut
3811723132 image: Enable OpenRTOS booting via fitImage
Allow booting the OpenRTOS payloads via fitImage image type.

Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@ti.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2015-01-14 11:37:39 -05:00
Simon Glass
5bda35cffa x86: image: Add new image type for x64_64
This is a bit odd in that we are permitted to boot images for either, even
though they are separate architectures.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-10-28 20:44:04 -06:00
Jeroen Hofstee
718fecae4a image-fit: make local function static
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-10-25 07:02:01 -04:00
Simon Glass
90268b878b x86: Support loading kernel setup from a FIT
Add a new setup@ section to the FIT which can be used to provide a setup
binary for booting Linux on x86. This makes it possible to boot x86 from
a FIT.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-10-22 09:03:06 -06:00
Simon Glass
5ba63dd4f9 sandbox: bootm: Don't fail the architecture check
Since sandbox is used for testing, it should be able to 'boot' an image
from any archhitecture. This allows us to test an image by loading it in
sandbox.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-10-22 09:03:06 -06:00
Simon Glass
fe20a81a68 Fix test failure caused by bad handling of ramdisk
Commit e3a5bbce broke the FIT image tests by not loading a ramdisk even if
a load address is provided in the FIT. The rationale was that a load address
of 0 should be considered to mean 'do not load'.

Add a new load operation which supports this feature, so that the ramdisk
will be loaded if a non-zero load address is provided.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-08-28 17:18:48 -04:00
Jeroen Hofstee
2b9912e6a7 includes: move openssl headers to include/u-boot
commit 18b06652cd "tools: include u-boot version of sha256.h"
unconditionally forced the sha256.h from u-boot to be used
for tools instead of the host version. This is fragile though
as it will also include the host version. Therefore move it
to include/u-boot to join u-boot/md5.h etc which were renamed
for the same reason.

cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Jeroen Hofstee <jeroen@myspectrum.nl>
2014-06-19 11:19:04 -04:00
Simon Glass
ce1400f694 Enhance fit_check_sign to check all images
At present this tool only checks the configuration signing. Have it also
look at each of the images in the configuration and confirm that they
verify.

Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Heiko Schocher <hs@denx.de> (v1)
2014-06-19 11:19:02 -04:00
Simon Glass
e3c83c0a1f Fix small 'case' typo in image-fit.c
This typo makes the comment confusing. Fix it.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-19 11:19:00 -04:00
Simon Glass
126cc86420 image: Remove the fit_load_image() property parameter
This can be obtained by looking up the image type, so is redundant. It is
better to centralise this lookup to avoid errors.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-19 11:18:59 -04:00
Simon Glass
12df2abe3e Reverse the meaning of the fit_config_verify() return code
It is more common to have 0 mean OK, and -ve mean error. Change this
function to work the same way to avoid confusion.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-19 11:18:58 -04:00
Simon Glass
4f427a421f fdt: Update functions which write to an FDT to return -ENOSPC
When writing values into an FDT it is possible that there will be
insufficient space. If the caller gets a useful error then it can
potentially deal with the situation.

Adjust these functions to return -ENOSPC when the FDT is full.

Signed-off-by: Simon Glass <sjg@chromium.org>
2014-06-11 16:25:46 -04:00
Heiko Schocher
2842c1c242 fit: add sha256 support
add sha256 support to fit images

Signed-off-by: Heiko Schocher <hs@denx.de>
Acked-by: Simon Glass <sjg@chromium.org>
2014-03-21 16:39:33 -04:00
Masahiro Yamada
f150c83704 cosmetic: FIT: fix a strange comment
There is a strange comment in fit_image_load().
This function can be used for loading Kernel Image, FDT
as well as ramdisk.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Cc: Simon Glass <sjg@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
2014-02-19 11:10:05 -05:00
Masahiro Yamada
2f0877c7f4 FIT: delete unnecessary casts
Becuase fdt_check_header function takes (const void *)
type argument, the argument should be passed to it
without being casted to (char *).

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
2013-09-20 10:30:54 -04:00
Masahiro Yamada
069d594557 cosmetic: FIT: fix typos in comments
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
2013-09-20 10:30:54 -04:00
Robert P. J. Day
1f8b546f9e Fix some obvious typos across multiple subsystems.
Typoes fixed:

  "partion" -> "partition"
  "retrive", "retreive" -> "retrieve"
  "th" -> "to"

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
2013-09-20 10:29:48 -04:00
Simon Glass
1fd1e2f69f image: Display FIT timestamp when booting
The timestamp is shown in fit_print_contents() but for some reason not
in fit_image_print(). This seems to be an oversight, since it is the latter
which is used by bootm.

Add timestamp printing in this case.

(There is code duplication in these two function, for looking at in a future
patch).

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-08-16 13:45:15 -04:00
Wolfgang Denk
1a4596601f Add GPL-2.0+ SPDX-License-Identifier to source files
Signed-off-by: Wolfgang Denk <wd@denx.de>
[trini: Fixup common/cmd_io.c]
Signed-off-by: Tom Rini <trini@ti.com>
2013-07-24 09:44:38 -04:00
Simon Glass
f320a4d845 bootm: Use selected configuration for ramdisk and fdt
If a specific configuraion is selected by the bootm command, e.g. with
'bootm 84000000#recoveryconf' we must honour this for not just the kernel,
but also the ramdisk and FDT.

In the conversion to using a common fit_image_load() function for loading
images from FITs (commits a51ec63 and 53f375f) this feature was lost.
Reinstate it by passing the selected configuration back from
fit_image_load() to boot_get_kernel(), then use this configuration
(which is stored in images->fit_uname_cfg) in both boot_get_ramdisk()
and boot_get_fdt().

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-07-12 10:32:39 -04:00
Simon Glass
56518e7104 image: Support signing of images
Add support for signing images using a new signature node. The process
is handled by fdt_add_verification_data() which now takes parameters to
provide the keys and related information.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-26 10:18:56 -04:00
Simon Glass
2f99807125 image: Use ENOENT instead of ENOMEDIUM for better compatibility
This error may not be defined on some platforms such as MacOS so host
compilation will fail. Use one of the more common errors instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Andreas Bießmann <andreas.devel@googlemail.com>
Tested-by: Lubomir Popov <lpopov@mm-sol.com>
2013-06-17 09:56:42 -04:00
Simon Glass
c6ac13bdea sandbox: image: Adjust FIT image printing to work with sandbox
Use map_sysmem() to convert from address to pointer, so that sandbox can
print FIT information without crashing.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
4651800d51 image: Use fit_image_load() to load kernel
Use the new common code to load a kernel. The functionality should not
change.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
53f375fa81 image: Use fit_image_load() to load FDT
Use the new common code to load a flat device tree. Also fix up a few casts
so that this code works with sandbox. Other than that the functionality
should not change.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
a51ec63b85 image: Use fit_image_load() to load ramdisk
Use the new common code to load a ramdisk. The functionality should not
change.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
782cfbb259 image: Introduce fit_image_load() to load images from FITs
At present code to load an image from a FIT is duplicated in the three
places where it is needed (kernel, fdt, ramdisk).

The differences between these different code copies is fairly minor.
Create a new function in the fit code which can handle any of the
requirements of those cases.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-06-04 16:06:31 -04:00
Simon Glass
87ebee39e9 image: Add CONFIG_FIT_SPL_PRINT to control FIT image printing in SPL
This code is very large, and in SPL it isn't always useful to print
out image information (in fact there might not even be a console
active). So disable this feature unless this option is set.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
1fe7d93891 image: Remove remaining #ifdefs in image-fit.c
There are only two left. One is unnecessary and the other can be moved
to the header file.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
d8b75360ee image: Rename hash printing to fit_image_print_verification_data()
This function will be used to print signatures as well as hashes, so rename
it. Also make it static since it is not used outside this file.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
003efd7da4 image: Export fit_conf_get_prop_node()
This function will be needed by signature checking code, so export it,
and also add docs.

Signed-off-by: Simon Glass <sjg@chromium.org>
2013-05-14 15:37:25 -04:00
Simon Glass
e754da2aee image: Move error! string to common place
The string " error\n" appears in each error string. Move it out to a
common place.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de>
2013-05-14 15:37:25 -04:00
Simon Glass
ab9efc665a image: Move hash checking into its own function
The existing function is long and most of the code is indented a long
way. Before adding yet more code, split this out into its own function.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Marek Vasut <marex@denx.de> (v1)
2013-05-14 15:37:25 -04:00