If image backend provides verify_header callback then call it after writing
image to disk. This ensures that written image is correct.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
The sunxi_egon type used to take no -A argument (because we assume sunxi
targets are all ARM). However, as Allwinner D1 appears as the first
RISC-V sunxi target, we need to support -A; in addition, as external
projects rely on U-Boot mkimage to generate sunxi eGON.BT0 header, we
need to keep compatibility with command line without -A.
As the default value of arch in mkimage is not proper (IH_ARCH_PPC
instead of IH_ARCH_INVALID), to keep more compatibility, add an Aflag
field to image parameters to describe whether an architecture is
explicitly specified.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
If parameter -F is given but FIT support is missing, a NULL pointer might
dereferenced (Coverity CID 350249).
If incorrect parameters are given, provide a message and show usage.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Currently -l option for mkimage and dumpimage ignores option -T and always
tries to autodetect image type.
With this change it is possible to tell mkimage and dumpimage to parse
image file as specific type (and not random autodetected type). This allows
to use mkimage -l or dumpimage -l as tool for validating image.
params.type for -l option is now by default initialized to zero
(IH_TYPE_INVALID) instead of IH_TYPE_KERNEL. imagetool_get_type() for
IH_TYPE_INVALID returns NULL, which is assigned to tparams. mkimage and
dumpimage code is extended to handle tparams with NULL for -l option. And
imagetool_verify_print_header() is extended to do validation via tparams if
is not NULL.
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
At present mkimage displays the node information but it is not clear what
signing action was taken. Add a message that shows it. For now it only
supports showing a single signing action, since that is the common case.
Sample:
Signature written to 'sha1-basic/test.fit',
node '/configurations/conf-1/signature'
Public key written to 'sha1-basic/sandbox-u-boot.dtb',
node '/signature/key-dev'
Signed-off-by: Simon Glass <sjg@chromium.org>
The component st_size of struct stat is of type off_t. Depending on the
system printing it using %ld leads to a warning:
tools/mkimage.c:438:54: warning: format '%ld' expects argument of type
'long int', but argument 5 has type
'off_t' {aka 'long long int'} [-Wformat=]
438 | "%s: Bad size: \"%s\" is not valid image: size %ld < %u\n",
| ~~^
| |
| long int
| %lld
When comparing an off_t value to a 32bit integer we should not convert to
uint32_t but to off_t which may be wider.
Reported-by: Milan P. Stanić <mps@arvanta.net>
Fixes: 331f0800f1 ("mkimage: allow -l to work on block devices on Linux")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
This permits to prepare FIT image description that do not hard-code the
final choice of the signature algorithm, possibly requiring the user to
patch the sources.
When -o <algo> is specified, this information is used in favor of the
'algo' property in the signature node. Furthermore, that property is set
accordingly when writing the image.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The actual opt string is inlined - and different. Seems this was a
left-over from older versions of 603e26f763.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Currently, an empty imput file causes `mmap()` to fail, and you get an
error like "mkimage: Can't read file.img: Invalid argument", which is
extremely unintuitive and hard to diagnose if you don't know what to
look for. Add an explicit check for an empty file and provide a clear
error message instead.
We already bounds check the image size when listing and re-signing
existing images, so we only need this check here, when opening data
files going into a image.
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
When "mkimage -l" was run on a block device it would fail with
erroneous message, because fstat reports a size of zero for those:
mkimage: Bad size: "/dev/sdb4" is not valid image
This patch identifies the "is a block device" case and reports it as
such, and if it knows how to determine the size of a block device on
the current OS, proceeds.
As shown in
http://www.mit.edu/afs.new/sipb/user/tytso/e2fsprogs/lib/blkid/getsize.c
this is no portable task, and I only handled the case of a modern
Linux kernel, which is what I can test.
Signed-off-by: Yann Dirson <yann@blade-group.com>
It's not always desirable to use 'keydir' and some ad-hoc heuristics
to get the filename of the signing key. More often, just passing the
filename is the simpler, easier, and logical thing to do.
Since mkimage doesn't use long options, we're slowly running out of
letters. I've chosen '-G' because it was available.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
These commands were disabled when CONFIG_FIT_SIGNATURE is disabled, but
they do not depend on crypto support so they can be unconditionally
enabled.
Signed-off-by: Joel Stanley <joel@jms.id.au>
In show_valid_options(), this patch introduces checking whether
a category has an entry ID. If not, adding it to a list for output
is skipped before calling qsort().
This patch will affect all kinds of image header categories
(-A, -C, -O and -T flags).
Signed-off-by: Naoki Hayama <naoki.hayama@lineo.co.jp>
Reviewed-by: Simon Glass <sjg@chromium.org>
Normally the FIT timestamp is created the first time mkimage is run on a
FIT, when converting the source .its to the binary .fit file. This
corresponds to using the -f flag. But if the original input to mkimage is
a binary file (already compiled) then the timestamp is assumed to have
been set previously.
Add a -t flag to allow setting the timestamp in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Normally the FIT timestamp is created the first time mkimage is run on a
FIT, when converting the source .its to the binary .fit file. This
corresponds to using the -f flag. But if the original input to mkimage is
a binary file (already compiled) then the timestamp is assumed to have
been set previously.
Add a -t flag to allow setting the timestamp in this case.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Add a new error message in case the size of data written
are shorter than the one expected.
Currently, it will lead to the following error message:
"mkimage: Write error on uImage: Success"
This is not explicit when the error is because the device
doesn't have enough space. Let's use a more understandable message:
"mkimage: Write only 4202432/4682240 bytes, probably no space left on the device"
Signed-off-by: Mylène Josserand <mylene.josserand@collabora.com>
Reviewed-by: Walter Lozano <walter.lozano@collabora.com>
GCC recognizes /* fallthrough */ if -Wimplicit-fallthrough=3 is enabled.
Let's use it consistently.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
The image is usually stored in block device like emmc, SD card, make the
offset of image data aligned to block(512 byte) can avoid data copy
during boot process.
eg. SPL boot from FIT image with external data:
- SPL read the first block of FIT image, and then parse the header;
- SPL read image data separately;
- The first image offset is the base_offset which is the header size;
- The second image offset is just after the first image;
- If the offset of imge does not aligned, SPL will do memcpy;
The header size is a ramdon number, which is very possible not aligned, so
add '-B size'to specify the align size in hex for better performance.
example usage:
./tools/mkimage -E -f u-boot.its -B 0x200 u-boot.itb
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Tom Rini <trini@konsulko.com>
The ALIGN() is now available at imagetool.h, migrate to use it.
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Reviewed-by: Tom Rini <trini@konsulko.com>
There are multiple other openssl engines used by HSMs that can be used to
sign FIT images instead of forcing users to use pkcs11 type of service.
Relax engine selection so that other openssl engines can be specified and
use generic key id definition formula.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Cc: Tom Rini <trini@konsulko.com>
FIT header verification in mkimage was treating a return code as a boolean,
which meant that failures in validating the fit were seen as successes.
Additionally, mkimage was checking all formats to find a header which
passes validation, rather than using the image type specified to
mkimage.
checkpatch.pl checks for lines ending with '(' and alignment matching
open parentheses are ignored to keep with existing coding style.
Signed-off-by: Jordan Hand <jorhand@microsoft.com>
i.MX8M bootable image type is like i.MX6/7, but there is signed HDMI
firmware image in front of A53 bootable image, which is also has an IVT
header.
Here we also include fit image to generate a bootable image.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Stefano Babic <sbabic@denx.de>
i.MX8/8X bootable image type is container type.
The bootable image, containers a container set which supports two
container. The 1st container is for SECO firmware, the 2nd container
needs to include scfw, m4_0/1 image, ACore images per your requirement.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
The set_header call in kwbimage.c adds a checksum to the end of the
image in addition to setting up the header. It 'helpfully' updates the
st_size to match the fact that the file is now longer. However, mkimage
uses this length in the munmap call. This can lead to unmapping an extra
page, of perhaps required data. When this happens, a SEGV can occur.
To prevent this from happening, the munmap call now uses the same length
that was passed to mmap. This could also have been fixed by not changing
the length in kwbimage.c, however changing it in the main file means
that other plugins will also not fall for the same trap.
Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Signed-off-by: Chris Packham <judge.packham@gmail.com>
[cp: resolve checkpatch complaints]
Tested-by: Chris Packham <judge.packham@gmail.com>
The officially described way to generate boot.bin files for ZynqMP is to
describe the contents of the target binary using a file of the "bif"
format. This file then links to other files that all get packed into a
bootable image.
This patch adds support to read such a .bif file and generate a respective
ZynqMP boot.bin file that can include the normal image and pmu files, but
also supports image partitions now. This makes it a handy replacement for
the proprietary "bootgen" utility that is currently used to generate
boot.bin files with FSBL.
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
If generating a script image and no datafile has been passed in, mkimage
dies with SIGSEGV:
#0 __strchr_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:32
#1 0x0000000000403818 in main
at tools/mkimage.c:503
Add explicit test for datafile to fix this.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Commit 253c60a breaks the exit value of 'mkimage -T rkimage'
and print the following error:
mkimage: Can't print header for Rockchip Boot Image support: Success
It is not a failure to not print headers, so just display the warning message,
and finish the function properly.
Signed-off-by: Guillaume GARDET <guillaume.gardet@free.fr>
Cc: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Reviewed-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Since commit 5b9d44df23 (mkimage: Display a better list of available image
types) mkimage usage text suggest to "use -T to see a list of available image
types". Unfortunately, commit 02221f29deb8 (mkimage: Convert to use getopt())
broke that feature, because getopt() fails when -T has no option argument.
Add a pseudo image type name 'list' that lists all image types. Update the
usage text accordingly.
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Add support for signing with the pkcs11 engine. This allows FIT images
to be signed with keys securely stored on a smartcard, hardware security
module, etc without exposing the keys.
Support for other engines can be added in the future by modifying
rsa_engine_get_pub_key() and rsa_engine_get_priv_key() to construct
correct key_id strings.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
When we want to use Secure Boot with HAB from SPL over U-Boot.img,
we need to append the IVT to the image and leave space for the CSF.
Images generated as firmware_ivt can directly be signed using the
Freescale code signing tool. For creation of a CSF, mkimage outputs
the correct HAB Blocks for the image.
The changes to the usual firmware image class are quite small,
that is why I implemented that directly into the default_image.
Cc: sbabic@denx.de
v2-Changes: None
Signed-off-by: Sven Ebenfeld <sven.ebenfeld@gmail.com>
Reviewed-by: George McCollister <george.mccollister@gmail.com>
Tested-by: George McCollister <george.mccollister@gmail.com>
Adds -i option that allows specifying a ramdisk file to be added to the
FIT image when we are using the automatic FIT mode (no ITS file).
This makes adding Depthcharge support to LAVA much more convenient, as
no additional configuration files need to be kept around in the machine
that dispatches jobs to the boards.
Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Matt Hart <matthew.hart@linaro.org>
Cc: Neil Williams <codehelp@debian.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
The allocated memory should be freed. Fix it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 150963)
Reviewed-by: Tom Rini <trini@konsulko.com>
Inform getopt that '-c' requires a parameter.
Fixes: a02221f29d ("mkimage: Convert to use getopt()")
Signed-off-by: Karl Beldan <kbeldan@baylibre.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Update the error-handling code for -A, -C and -O to show a list of valid
options when an invalid one is provided.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Vinoth Eswaran <evinoth1206@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The existing error code only displays image types which are claimed by a
particular U_BOOT_IMAGE_TYPE() driver. But this does not seem correct. The
mkimage tool should support all image types, so it makes sense to allow
creation of images of any type with the tool.
When an incorrect image type is provided, use generic code to display the
error.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add a generic function which can display a list of items in any category.
This will allow displaying of images for the -A, -C, -O and -T flags. At
present only -T is supported.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
There is no need to set params.fit_image_type while parsing the arguments.
It is set up later anyway.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
When auto-fit is used, it is not valid to create a FIT without an image
file. Add a check for this to avoid a very confusing error message later
("Can't open (null): Bad address").
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
There is a special case in the code when auto-fit is used. Add a comment to
make it easier to understand why this is needed.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
The default image type is supposed to be IH_TYPE_KERNEL, as set in the
'params' variable. Honour this with auto-fit also.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
When building a FIT with external data (-E), U-Boot proper may require
absolute positioning for executing the external firmware. To acheive this
use the (-p) switch, which will replace the amended 'data-offset' with
'data-position' indicating the absolute position of external data.
It is considered an error if the requested absolute position overlaps with the
initial data required for the compact FIT.
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Some build systems want to be quiet unless there is a problem. At present
mkimage displays quite a bit of information when generating a FIT file. Add
a '-q' flag to silence this.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>